
Safeguarding sensitive information

by Baz (Friar)
on May 15, 2002 at 22:32 UTC

Baz has asked for the wisdom of the Perl Monks concerning the following question:

I want to put some passwords and stuff in a file, and then read their values at run time so that they can be used by my script without the client gaining access to them. Is this o.k., and what chmod should I give the file?

Replies are listed 'Best First'.
Re: Safeguarding sensitive information
by tjh (Curate) on May 15, 2002 at 23:08 UTC
Re: Safeguarding sensitive information
by yodabjorn (Monk) on May 15, 2002 at 23:21 UTC
    Agreed, more info needed about what this is for. Is it a web system? Is it some UI? Is it something that will give destructive power? Risk assessment is needed; then you can devise a method for the amount of security you need.

    In general passwords are weak protection, but also one of the most basic forms of protection. There are many articles on the web about risk assessment and password security/policies that I am not gonna go into in the scope of this post. See SecurityFocus.

    Besides that, I would look into CPAN Crypt, and the Perl crypt implementations. Most password systems store only the crypted version of the password and compare the user input, crypted, against the stored crypted string. This way the file has no plain password. Unfortunately the standard DES encryption is very weak and can be brute-forced quite fast.

    If this is a web system on Apache there are many ways to authenticate users. Apache Docs

    Other than that, make the file 0400, readable only by the user that runs the script, and make sure that it's not accessible via the web or some other remote connections.
Re: Safeguarding sensitive information
by Marza (Vicar) on May 15, 2002 at 22:49 UTC

    A little more information please.

    What exactly are you trying to do?

    As an ex-security guy, my eyes started twitching at the mention of storing passwords. ;-)

    At the base level, this does have risk. You can chmod the file so that only your id has access but then you still risk somebody getting your id. There are many arguments for not doing this.

      Well, one of the passwords is my MySQL password. My Perl scripts need this password in order to access the database. I've heard that it's not safe to put the password in the script - such as
      $password = "kjkjkjkjkj";
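
One way to apply the advice in this thread (a 0400 file owned by the user that runs the script, kept out of the web-served tree), as an added example that is not code from any of the posters: the script refuses to use the credentials file unless its ownership and mode are what it expects. The file path, the `DB_CRED_FILE` environment variable and the key=value file format are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added example: load a DB password from a file kept outside the web root,
# refusing to use it unless it is a regular file owned by the running user
# with no group/other permission bits set (e.g. 0400 or 0600).
use strict;
use warnings;
use Fcntl qw(:mode);

# Hypothetical path; any location the web server does not serve will do.
my $CRED_FILE = $ENV{DB_CRED_FILE} || '/home/appuser/private/db.conf';

sub load_credentials {
    my ($path) = @_;

    # Open first, then stat the handle, so the checks apply to the file
    # actually read rather than to whatever the path names a moment later.
    open(my $fh, '<', $path) or die "cannot open $path: $!\n";
    my @st = stat($fh) or die "cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];

    die "$path is not a regular file\n" unless S_ISREG($mode);
    die "$path is not owned by the running user\n" unless $uid == $>;
    die sprintf("%s has mode %04o; group/other bits must be clear\n",
                $path, S_IMODE($mode))
        if S_IMODE($mode) & 0077;

    # Assumed format: key=value lines; '#' comments and blank lines ignored.
    my %cred;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(?:#|$)/;
        my ($key, $value) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die "$path: malformed line $.\n";
        $cred{$key} = $value;
    }
    close $fh;

    for my $required (qw(user password)) {
        die "$path: missing '$required'\n" unless defined $cred{$required};
    }
    return \%cred;
}

my $cred = load_credentials($CRED_FILE);
# Pass $cred->{user} and $cred->{password} to DBI->connect here;
# never print or log the password itself.
print "loaded credentials for user '$cred->{user}'\n";
```

The ownership check compares against the effective UID (`$>`), so under a web server the file has to belong to the account the CGI process actually runs as.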

Node Type: perlquestion [id://166860]
Approved by ChemBoy