[mh53j_fe]

We have a perl login script that connects to our Oracle database. The only problem is that the Oracle user id and password are not encrypted. In other words, any human reviewing the module can see the ID and password.

Is there a Perl program that allows us to hide (encrypt) the ID and password so that human eyes can not see it.

Thanks to all for your help. I look forward to hearing your responses....

[Chas]

Your best bet is to search CPAN for crypt and/or decrypt. Most perl encryption is one-way so you will need to hunt for something that does both. The problem is that is your code can decrypt it, almost anyone looking at the code with a little perl experience can also figure out how to decrypt it.

I generally keep sensitive config data in a separate module (as a hash usually) that I can either just do or require into the my applications. That does two things: 1) It keeps this data out of the main applications and 2) If I have multiple applications using the same info, it's a single point of change for all applications cutting down on maintenance. I keep these moduls as well as most of my other modules in a private lib above the doc_root just to be safe. If Apache uses suEXEC, you can lock down that lib pretty tight preventing anyone but you and your applications from accessing. If there are multiple people with access to the server as your user, that wont help you too much.

~Charlie