[Linuxvm-dev] Re: Radiology server access

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

> i'd also recommend removing the phpmyadmin or making the security based on
> users on the machine and not the database username and password, since
> those are all checked into sourceforge cvs.....
>
> i noticed in postnuke they base64encode the password to the db and write
> that to the config file, i encoded ours and put it in my copy of common.pl
> so the get_dbh will look like this:
>
> sub get_dbh {
>   my $dsn = "DBI:mysql:database=voicemail;host=localhost";
>
>   my $user = "dm9pY2VtYWls";
>   my $password = "Y29tbWFpbA==";
>
>   use MIME::Base64 ;
>
>   $user = decode_base64($user);
>   $password = decode_base64($password);
>
>   my $dbh = DBI->connect($dsn, $user, $password);
>   return $dbh ;
> }
>
> (this works, i tested it)
> still, anyone with the MIME::Base64 package (standard in perl) can get the
> password but it may provide a teeny bit of extra security...what do u guys
> think? should i check it in?
>

Sounds like a good thing to me.  We also need to store the voicemail
passwords in clear text.

Aloha,
Matt