Test-suite for a password protected website
Michael Stillwell
mjs at beebo.org
Sun Dec 28 23:13:38 CST 2003
David Dick said:
> Interesting problem that i have encountered.
>
> If i have the time, it's good to be able to automatically and
> quickly
> validate a system's integrity by having a automated test suite
> (using
> something like Test::Harness, etc). However, from a security
> viewpoint,
> how do people cope with username / passwords.
Whenever I need to do this I put my username, password, and
database connection string in files called USERNAME, PASSWORD
and DATABASE. (In the form "q{name}", which can be read nicely
with $username = do "USERNAME".)
Not perfect (see other messages), but it does make clear the
fact that usernames and passwords are embedded into the
scripts, as well as where to go if the password changes.
--M.
--
http://beebo.org
More information about the Melbourne-pm
mailing list