• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

MySQL connection string in HTML::Mason errors

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> UNIX // GNU/Linux

View previous topic :: View next topic  
Author Message
AK_Dude
Just Arrived
Just Arrived


Joined: 25 Jan 2005
Posts: 0
Location: Somewhere in the cold, frozen north (Anchorage, AK)

Offline

PostPosted: Wed Jan 26, 2005 9:08 pm    Post subject: MySQL connection string in HTML::Mason errors Reply with quote

Does anyone have experience with HTML::Mason in an Apache/MySQL application? I'm a Mason noob, and here's the problem I am trying to solve:

When there is an error in a web page generated with HTML::Mason, Apache coughs up a few lines of code in the error message. As long as that code doesn't occur in the beginning of the program, that's not *too* much of a security issue, but when it occurs near the connection string that creates the database handle, the security implications become much more frightening, since the connection string contains the database server name, user name and password to connect to the MySQL database.

I can think of two ways to work around this problem:
1) Don't use a password to connect to the database (YIKES!);
2) Offset the connection string from the rest of the code by enough whitespace to prevent HTML::Mason/Apache from displaying the connection string.

Neither one of these work arounds are ideal, #1 for obvious reasons, and #2 because it doesn't solve the problem--just the symptom. Besides, I don't necessarily want other parts of my code dumped to the web page, anyway. Is there any way to prevent HTML::Mason from displaying code once a page is live on the Internet?
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> UNIX // GNU/Linux All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register