Just another Perl shrine | |
PerlMonks |
Re^5: How to hide a password in a script?by BrowserUk (Patriarch) |
on Aug 07, 2004 at 06:27 UTC ( [id://380866]=note: print w/replies, xml ) | Need Help?? |
My understanding of what the OP was describing was not securing against external attack, but internal, (semi-)authorised snoopers. Using ids granted only as much authority as is required to do the jobs is a given. Often ignored I grant you. Employees have to be given the authority to run the scripts which in turn have to have passwords that have the authority to do the required work. In this situation, you frequently need the script to do things, and access information that you would prefer the employee operating the scripts to not be able to do (manually), or see. I agree that proxies that act on behalf of the script's requests is the best appproach. But if the employee can see what the script sends the proxy, then they can work out what to send to have the proxy do their bidding. It's an extra level of complexity that forces the sedious to an extra level of sophistication. Perhaps the only merit in my joke was that it might allow you to detect the unsophisticated before they become sophisticated.
In Section
Seekers of Perl Wisdom
|
|