From: Matt D. <mda...@se...> - 2003-08-19 00:55:29
|
> i'd also recommend removing the phpmyadmin or making the security based on > users on the machine and not the database username and password, since > those are all checked into sourceforge cvs..... > > i noticed in postnuke they base64encode the password to the db and write > that to the config file, i encoded ours and put it in my copy of common.pl > so the get_dbh will look like this: > > sub get_dbh { > my $dsn = "DBI:mysql:database=voicemail;host=localhost"; > > my $user = "dm9pY2VtYWls"; > my $password = "Y29tbWFpbA=="; > > use MIME::Base64 ; > > $user = decode_base64($user); > $password = decode_base64($password); > > my $dbh = DBI->connect($dsn, $user, $password); > return $dbh ; > } > > (this works, i tested it) > still, anyone with the MIME::Base64 package (standard in perl) can get the > password but it may provide a teeny bit of extra security...what do u guys > think? should i check it in? > Sounds like a good thing to me. We also need to store the voicemail passwords in clear text. Aloha, Matt |