Maxim Sloyko wrote: > I don't think this solves the problem, because what I usually want is > the user to be able to use the application, but unable to see the DB > password. So the user should have "read" permission set for the file, > but on the other hand he shouldn't. It's not not a problem for Web App, > though. Storing passwords encrypted, decrypting before using doesn't cover this? I've played around with Crypt::CBC (and different ciphers) for this sort of thing but admittedly have not applied this to any production systems yet. You still have a key somewhere to hide/obscure. You can also use Perl source filters to totally encrypt the source -- something else I've done but not in production. Just some things you may want to look at ... -- Steve Sapovits steves06@comcast.netThread Previous | Thread Next