Keep It Simple, Stupid | |
PerlMonks |
Re: suggestions for web pop email systemby btrott (Parson) |
on Jun 15, 2001 at 21:32 UTC ( [id://88861]=note: print w/replies, xml ) | Need Help?? |
As you imply, probably your best bet is to introduce some form
of caching of the POP password that you get back from the
LDAP server. The manner in which you do this is the question. Like you, I would shy away from putting the password into the environment :), but I think you've got the right idea: you want to cache the password on the web machine so that you don't have to keep asking for it from the LDAP machine. For security reasons, you should definitely encrypt the passwords that you cache; probably your best bet is to just encrypt them using a symmetric cipher, like Crypt::Blowfish, used in CBC mode (Crypt::CBC). You have to be careful with the key you use as the encryption/decryption passphrase; if you store this key in a file anywhere, you're basically negating the benefits of encrypting in the first place. So you need to find a way to store the passphrase w/o storing it in plain text on disk; one way to do this might be to store it in shared memory or something like that. The question then becomes: how do you cache the passwords? Several options that I can think of:
In Section
Seekers of Perl Wisdom
|
|