Re: TeraNews: RE: Avoiding coding username/password directly into perl script

From: Hardy Merrill (HMerrill_at_dhcr.state.ny.us)
Date: 03/10/04 

Date: Wed, 10 Mar 2004 14:19:07 -0500
To: <dbi-users@perl.org>,<SLCUUVKKQKKI@spammotel.com>

I see in 'perldoc DBD::ODBC' that the user id and password _is_ required
when using DBD::ODBC to connect to an ODBC data source. I looked up a
few of my ODBC 'System' data sources, and although they do contain the
user id, they do _NOT_ contain the password. So I'll stick with my
previous recommendation of locating the database login parameters in
their own Perl module in a safe place, and then "use"ing that module to
give your scripts access to those login parameter variables.

Hardy

>>> "News Reader" <SLCUUVKKQKKI@spammotel.com> 03/10/04 02:06PM >>>
On Wed, 10 Mar 2004 12:50:59 -0600, "Brad Fike"
<Brad.Fike@wal-mart.com>
said:

Thanks for the ideas. I did try entering them in as blanks, but I
still
got this error:

DBI->connect(BWEB) failed: [Microsoft][ODBC SQL Server Driver][SQL
Server]Login failed for user '(null)'. Reason: Not associated with a
trusted SQL Server connection. (SQL-28000)(DBD: db_login/SQLConnect
err=-1) at test.pl line 18

I know the username/password is in the system DSN somewhere.

In reply to the suggestions about putting the username/password into
another [more secure] file, this is not a bad idea, and I can
certainly
do this. It would address the security issue and it would address the
maintenance issue to some extent (at least we wouldn't have to modify
several scripts), but it still means the info is in two places (this
new
file as well as the system DSN, which other non-perl things use).

> If the user\pass is already in the DSN you should be able to just...
>
> my $db =
> DBI->connect("dbi:ODBC:$dsn","","");
>
>
> >-----Original Message-----
> >From: Sterin, Ilya (I.) [mailto:isterin@ford.com]
> >Sent: Wednesday, March 10, 2004 12:43 PM
> >To: dbi-users@perl.org
> >Subject: RE: Avoiding coding username/password directly into
> >perl script
> >
> >
> >well, if your database requires a username/password, then you
> >can't just pass it the path (DSN). Not even sure how you
> >expect anyone to do that. I believe certain ODBC clients
> >might have the capability to embed that either inside the DSN
> >and/or somewhere else on the system, so that when a certain
> >DSN is recognized, that username/password is used, but not
> >sure what clients and/or version do that.
> >
> >Thanks.
> >
> >Ilya
> >
> >> -----Original Message-----
> >> From: News Reader [mailto:SLCUUVKKQKKI@spammotel.com]
> >> Sent: Wednesday, March 10, 2004 1:36 PM
> >> To: dbi-users@perl.org
> >> Subject: Avoiding coding username/password directly into perl
script
> >>
> >>
> >> Hi there,
> >>
> >> I figured this would be a pretty common problem, but I didn't see
> >> anything in the FAQ or docs.
> >>
> >> We've got a script that uses DBI to connect to SQL Server.
> >>
> >> There is a system DSN set up and this already has the username
and
> >> password. So do we really need to pass them again, as shown
below?
> >>
> >> my $db =
> >DBI->connect("dbi:ODBC:$dsn","$db_user_name","$db_password");
> >>
> >> We tried the following (removing the username/password
parameters),
> >> but we got a connection error.
> >>
> >> my $db = DBI->connect("dbi:ODBC:$dsn");
> >>
> >> It would be nice (for maintenance) and obviously more secure if
we
> >> could pass only the DSN name.
> >>
> >> Thanks,
> >> - ML

Relevant Pages