Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

Re: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file

by GrandFather (Saint)
on Sep 26, 2018 at 06:54 UTC ( #1223034=note: print w/replies, xml ) Need Help??


in reply to with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file

There are many problems with what you are doing, but the worst is working with plain text passwords. Never, ever, for any reason store plain text passwords, especially paired with user names!

A fairly light weight technique that is much more secure and needs very little extra work is to store a cryptographic hash of the password combined with a seed (often the user name can be used as the seed). To check a supplied password use the same hash process that was used to generate the hash originally then compare the two hash codes.

use strict; use warnings; use Digest::MD5; print Digest::MD5::md5_hex("username" . "SamplePassword");

Prints:

c0075ad4e26ec3dee225ccb6387b0b77
Optimising for fewest key strokes only makes sense transmitting to Pluto or beyond
  • Comment on Re: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file
  • Select or Download Code

Replies are listed 'Best First'.
Re^2: with CGI, How to have multiple usernames and passwords from a txt file (password.txt) file
by theravadamonk (Scribe) on Sep 26, 2018 at 10:17 UTC

    Hi Grandfather,

    Thanks for your effort. I want to understand what you say since it is beneficial for me

    What do you actually say?

    I included encrypted password in /tmp/password.txt file in following way.

    username,c0075ad4e26ec3dee225ccb6387b0b77

    Then, I input USERNAME as username and PASSWORD as SamplePassword. But, It won't work. Why?

    But, IF I input USERNAME as username and PASSWORD as c0075ad4e26ec3dee225ccb6387b0b77 , it will work..

    Is it the way?

    > To check a supplied password use the same hash process that was used to generate the hash originally then compare the two hash codes.

    How can I do it? Pls help me to complete the code with security.

      "Then, I input USERNAME as username and PASSWORD as SamplePassword. But, It won't work. Why?"

      Because you're comparing 'SamplePassword' against 'c0075ad4e26ec3dee225ccb6387b0b77', which isn't the same string.

      "How can I do it? Pls help me to complete the code with security"

      Grandfather explains that you have to do the same process with the user supplied password as you did you generate the password, compare the resulting value against the one you have stored.

        Hi Marto

        Thanks for coming back. you have helped me many times.

        > Grandfather explains that you have to do the same process with the user supplied password as you did you generate the password, compare the resulting value against the one you have stored."

        what's this same process? It's Still a nightmare to me.

        This is the code

        print Digest::MD5::md5_hex("username" . "SamplePassword");
        how to write the other way? I think this is NOT the way.
        print Digest::MD5::md5_hex("username" . "c0075ad4e26ec3dee225ccb6387b0 +b77") ."\n";

        hope to hear from all

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1223034]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (2)
As of 2022-01-21 21:44 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:












    Results (59 votes). Check out past polls.

    Notices?