Joined: 25 Jan 2005 Posts: 0 Location: Somewhere in the cold, frozen north (Anchorage, AK)
Posted: Wed Jan 26, 2005 9:08 pm Post subject: MySQL connection string in HTML::Mason errors
Does anyone have experience with HTML::Mason in an Apache/MySQL application? I'm a Mason noob, and here's the problem I am trying to solve:
When there is an error in a web page generated with HTML::Mason, Apache coughs up a few lines of code in the error message. As long as that code doesn't occur in the beginning of the program, that's not *too* much of a security issue, but when it occurs near the connection string that creates the database handle, the security implications become much more frightening, since the connection string contains the database server name, user name and password to connect to the MySQL database.
I can think of two ways to work around this problem:
1) Don't use a password to connect to the database (YIKES!);
2) Offset the connection string from the rest of the code by enough whitespace to prevent HTML::Mason/Apache from displaying the connection string.
Neither one of these work arounds are ideal, #1 for obvious reasons, and #2 because it doesn't solve the problem--just the symptom. Besides, I don't necessarily want other parts of my code dumped to the web page, anyway. Is there any way to prevent HTML::Mason from displaying code once a page is live on the Internet?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum