[Catalyst] Where best to store database connection information?

Craig Chant craig at homeloanpartnership.com
Mon Feb 16 17:35:33 GMT 2015 

I have mine in an adaptor class singleton.

Just be aware using this approach means if there is an error and you have debug / trace switched on it outputs the username and password in the debug output!

So always ensure you never leave these flags on when you publish the live version.

-----Original Message-----
From: Adam Witney [mailto:awitney at sgul.ac.uk]
Sent: 16 February 2015 17:25
To: The elegant MVC web framework
Subject: Re: [Catalyst] Where best to store database connection information?


Hi,

Thanks for your replies.

I guess my question was more about any security issue of having the database username/password stored in a text file.  And what do people consider best practice for this from a security point of view?

Thanks

Adam


> -----Original Message-----
> From: Octavian Rasnita [mailto:orasnita at gmail.com]
> Sent: 16. februára 2015 17:10
> To: The elegant MVC web framework
> Subject: Re: [Catalyst] Where best to store database connection
> information?
>
> Catalyst uses Config::General to read .conf files. If Config::General
> is configured with the option -UseApacheInclude, then you can use an
> apache "include file.conf" in the .conf file to include another file
> from another directory which is not saved by git.
>
> Or the option -IncludeDirectories can be also useful so all the files
> from the given directory will be included.
>
> --Octavian
>
> ----- Original Message -----
> From: "David Schmidt" <davewood at gmx.at>
> To: "The elegant MVC web framework" <catalyst at lists.scsys.co.uk>
> Sent: Monday, February 16, 2015 6:22 PM
> Subject: Re: [Catalyst] Where best to store database connection
> information?
>
>
> > the catalyst configloader can load more then just one file.
> >
> > by default it loads "myapp.conf"
> >
> > if a file named "myapp_local.conf" exists it is loaded aswell.
> >
> > docs:
> > https://metacpan.org/pod/distribution/Catalyst-Plugin-
> ConfigLoader/lib/Catalyst/Plugin/ConfigLoader/Manual.pod#Using-a-local
> -
> configuration-file
> >
> > On 16 February 2015 at 15:42, Adam Witney <awitney at sgul.ac.uk> wrote:
> >> Hi,
> >>
> >> I have a Catalyst / DBIx::Class application and I have been storing
> >> the database connection parameters in a config file which is
> >> sourced using MYAPP_CONFIG_LOCAL_SUFFIX. But this seems a bit of a
> >> security
> problem
> >> having the main password in a text file like this, especially if it
> >> goes into git.
> >>
> >> Is there a recommended or best practice place to store database
> >> connection information?
> >>
> >> Thanks for any help
> >>
> >> Adam
> >>
> >> _______________________________________________
> >> List: Catalyst at lists.scsys.co.uk
> >> Listinfo:
> >> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> >> Searchable archive:
> >> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> >> Dev site: http://dev.catalyst.perl.org/
> >
> > _______________________________________________
> > List: Catalyst at lists.scsys.co.uk
> > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> > Searchable archive:
> > http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> > Dev site: http://dev.catalyst.perl.org/
>
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/

_______________________________________________
List: Catalyst at lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
This Email and any attachments contain confidential information and is intended solely for the individual to whom it is addressed. If this Email has been misdirected, please notify the author as soon as possible. If you are not the intended recipient you must not disclose, distribute, copy, print or rely on any of the information contained, and all copies must be deleted immediately. Whilst we take reasonable steps to try to identify any software viruses, any attachments to this e-mail may nevertheless contain viruses, which our anti-virus software has failed to identify. You should therefore carry out your own anti-virus checks before opening any documents. HomeLoan Partnership will not accept any liability for damage caused by computer viruses emanating from any attachment or other document supplied with this e-mail. HomeLoan Partnership reserves the right to monitor and archive all e-mail communications through its network. No representative or employee of HomeLoan Partnership has the authority to enter into any contract on behalf of HomeLoan Partnership by email. HomeLoan Partnership is a trading name of H L Partnership Limited, registered in England and Wales with Registration Number 5011722. Registered office: Pharos House, 67 High Street, Worthing, West Sussex, BN11 1DN. H L Partnership Limited is authorised and regulated by the Financial Conduct Authority.

More information about the Catalyst mailing list