> i'd also recommend removing the phpmyadmin or making the security based on
> users on the machine and not the database username and password, since
> those are all checked into sourceforge cvs.....
>
> i noticed in postnuke they base64encode the password to the db and write
> that to the config file, i encoded ours and put it in my copy of common.pl
> so the get_dbh will look like this:
>
> sub get_dbh {
> my $dsn = "DBI:mysql:database=voicemail;host=localhost";
>
> my $user = "dm9pY2VtYWls";
> my $password = "Y29tbWFpbA==";
>
> use MIME::Base64 ;
>
> $user = decode_base64($user);
> $password = decode_base64($password);
>
> my $dbh = DBI->connect($dsn, $user, $password);
> return $dbh ;
> }
>
> (this works, i tested it)
> still, anyone with the MIME::Base64 package (standard in perl) can get the
> password but it may provide a teeny bit of extra security...what do u guys
> think? should i check it in?
>
Sounds like a good thing to me. We also need to store the voicemail
passwords in clear text.
Aloha,
Matt
|
