PerlMonks  

Re: How can a script use a password without making the password visible?

by hippo (Bishop)
on Mar 01, 2017 at 11:21 UTC


in reply to How can a script use a password without making the password visible?

  • Environment variables
  • Per-user config files
  • Command-line switches
  • Prompt the user at run-time (i.e. STDIN)

Take your pick but bear in mind that most of these have security concerns depending on who has access to what.

Also be aware that any coder working on a script can have it output any data from the script in any form (save to a file, email it, FTP it, whatever) so you have to trust the coder at some level.

Addendum: Also consider the related FAQ

Replies are listed 'Best First'.
Re^2: How can a script use a password without making the password visible?
by afoken (Chancellor) on Mar 01, 2017 at 15:26 UTC
    Environment variables

    Insecure. See Re^2: exec, echo and pipe and below.

    Per-user config files

    With chmod 0600, ok if you can trust root and the filesystem containing the configuration file is not exposed to other machines (e.g. via NFS or Samba). Insecure if running on a shared hosting webserver, where all code runs using the same user account.

    Command-line switches

    Insecure. See Re^2: exec, echo and pipe and below.

    Prompt the user at run-time (i.e. STDIN)

    Won't work in a web environment.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
      ok if you can trust root

      If you can't trust root then I'd suggest that you have bigger problems than just protecting your config files.

        If you can't trust root then I'd suggest that you have bigger problems than just protecting your config files.

        As I understand it, the SELinux modules can prevent even root from accessing certain files. Of course, then you have to trust your security admin.
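
The per-user config file option with chmod 0600 discussed in this thread, shown as an added example that is not part of any post: a Perl routine that refuses to read the password unless the file is a regular file, owned by the running user, with no group or other permission bits set. The file name, the `password = ...` line format and the `read_password` helper are assumptions made for illustration, and a POSIX filesystem is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempdir);

# Return the password from a "password = ..." line in $path, or die if the
# file is readable or writable by anyone other than the invoking user.
sub read_password {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "cannot open $path: $!\n";
    # stat the open handle, not the path, so the checks apply to the file
    # that is actually read (no window between check and open)
    my @st = stat($fh) or die "cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];
    die "$path: not a regular file\n" unless S_ISREG($mode);
    die "$path: not owned by the current user\n" unless $uid == $>;
    die sprintf("%s: mode %04o allows group/other access, expected 0600\n",
                $path, S_IMODE($mode)) if S_IMODE($mode) & 0077;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#|$)/;    # skip comments and blank lines
        return $1 if $line =~ /^\s*password\s*=\s*(.*?)\s*$/;
    }
    die "$path: no password entry\n";
}

# Demo with a constructed config file in a private temporary directory.
my $dir  = tempdir(CLEANUP => 1);
my $conf = "$dir/app.conf";                # hypothetical file name
open(my $out, '>', $conf) or die "cannot create $conf: $!\n";
print {$out} "# constructed sample\npassword = s3cr3t-example\n";
close($out) or die "cannot close $conf: $!\n";

for my $perm (0644, 0600) {
    chmod($perm, $conf) or die "chmod failed: $!\n";
    my $pw = eval { read_password($conf) };
    chomp(my $err = $@);
    printf "%04o: %s\n", $perm,
        defined $pw ? "accepted, " . length($pw) . " characters read"
                    : "refused: $err";
}
```

This check covers only the local permission bits; it does nothing about the root, NFS/Samba or shared-account cases raised in the replies above.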
