PerlMonks
storing passwords (OT??)
by mandog (Curate) on Dec 06, 2002 at 00:33 UTC ( [id://217950]=perlquestion )
mandog has asked for the wisdom of the Perl Monks concerning the following question:

The application in question is written partly in perl, but my apologies if this question isn't particularly perl related.

One task of our free (beer/source) database application is to check kids in and out of a building quickly by swiping bar-coded badges. Member and check in/out data will be cached locally and SELECTed/INSERTed from a remote database server.

Our problems are balancing ease of use and security and deciding what we want to keep secure. Some factors:

- We will connect to the database as a user with very limited powers. The user will be able to SELECT member & ID data from a single view and INSERT in/out/timestamp data into a single table.
- The consequences of a total break in security are relatively minor.
- Our check in/out component will be running on a task station dedicated exclusively to checking people in and out of the building. We'll restrict the task station to running our application, shutting down the computer and changing the workstation password.
- At least a dozen teenagers will be using the workstation to check a couple hundred other teens in and out of the building.
- The password to the workstation will probably be distributed relatively widely.
- The IP number of the NAT gateway the task station is behind is assigned dynamically and this is the IP# we'll be connecting to the database from.

Our current kludgy plan is to store our application as byte code and to store a string in an external file. The application would use some of this string and the MAC address of the workstation, rot13 and crypt to generate the actual database password. --How we hid the password is probably a detail.

We think this would be better than requiring the users to enter an OS password and then a database password. We can't keep the workstation password from wide distribution, but we can limit people's ability to access the database from outside our application.

It feels vaguely like some sort of public/private key thingamajig might do a better job. One thing that bugs me about our current approach is that publishing our code becomes a little problematic (assuming our code were worth publishing).

Again, breached security does not launch nuclear missiles so we probably don't want to go nuts here. Is there a better/simpler way to do this?

email: mandog#
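
The derivation sketched in the question, written out in Perl as an added example (not part of the original post or the poster's application). It shows that the generated password is a pure function of the code plus two values readable on the workstation, and it checks whether the platform's crypt() only reads the first 8 bytes of its input, in which case the MAC may not contribute at all. The substring offsets, salt choice, input order, function names and the sample seed and MAC values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample inputs, not values from the post.
my $seed = 'k9Qw7-checkin-desk-seed';    # contents of the external file
my @macs = ('00:0c:29:3e:5f:a1', '00:0c:29:3e:5f:a2');

# rot13 maps ASCII letters only and is its own inverse.
sub rot13 { my ($s) = @_; $s =~ tr/A-Za-z/N-ZA-Mn-za-m/; return $s }

# Traditional DES crypt(3) reads only the first 8 bytes of its key.
# Returns true when this platform's crypt() behaves that way for $salt.
sub crypt_truncates {
    my ($salt) = @_;
    my ($h1, $h2) = map { crypt("AAAAAAAA$_", $salt) } qw(x y);
    die "crypt() rejected salt '$salt'\n" unless defined $h1 && defined $h2;
    return $h1 eq $h2;
}

# Hypothetical derivation: 8 characters of the seed, then the MAC's hex
# digits, passed through rot13 and crypt() with a salt taken from the seed.
sub derive_db_password {
    my ($seed_text, $mac) = @_;
    die "seed too short\n" unless length($seed_text) >= 10;
    (my $hex = lc $mac) =~ s/[^0-9a-f]//g;
    die "MAC needs 12 hex digits\n" unless length($hex) == 12;
    my $salt = substr($seed_text, 0, 2);
    my $hash = crypt(rot13(substr($seed_text, 2, 8) . $hex), $salt);
    die "crypt() failed\n" unless defined $hash;
    return $hash;
}

my ($pw1, $pw2) = map { derive_db_password($seed, $_) } @macs;
print "same seed and MAC reproduce the password: ",
    ($pw1 eq derive_db_password($seed, $macs[0]) ? "yes" : "no"), "\n";
print "crypt() truncates at 8 bytes here: ",
    (crypt_truncates(substr($seed, 0, 2)) ? "yes" : "no"), "\n";
print "second MAC gives a different password: ",
    ($pw1 ne $pw2 ? "yes" : "no"), "\n";
```

Where crypt() truncates, the two sample MACs yield the same password because the 8 seed characters fill the whole key, so the input order and length need checking before relying on the MAC as a binding factor.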