http://www.perlmonks.org?node_id=1195056

ksublondie has asked for the wisdom of the Perl Monks concerning the following question:

Hi monks!

In an effort to *try* to make my code more secure, I'd like to eliminate passwords from my code. So far, the "best" solution I've found is to put them into a separate encrypted file, then decrypting/encrypting them when I need them. Are there any better solutions I'm not finding?

A lot of them are MS SQL Server connections from a Linux/Apache machine. Is there a module or solution out there that could replicate a Windows authentication on Linux so I don't have to hard-code passwords? I'm currently using DBI::Sybase and DBI::ODBC for my db connections.

Replies are listed 'Best First'.
Re: Eliminating userid/passwords in code
by thanos1983 (Parson) on Jul 13, 2017 at 17:12 UTC
Re: Eliminating userid/passwords in code
by shmem (Chancellor) on Jul 13, 2017 at 23:13 UTC
    So far, the "best" solution I've found is to put them into a separate encrypted file, then unencrypting/encrypting them when I need them.

    If the encrypted token lives on the same system where the decryption key is, you've gained nothing. The key and the encrypted credential can be obtained in the same way as the plain password, just with a bit more fiddling.

    So the secret has to be stored somewhere else. And the instance holding the secret has to be able to verify the requiring party to make sure it really is what it claims to be, and is not being impersonated by something/someone else. That's hard - "it is damned hard to make a program fool proof, because fools are so ingenious." And good hackers (in the evil meaning of "good hackers") aren't fools.

    perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'
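The following is an added example written for this page, not code posted by ksublondie or shmem. It shows the minimum that does help in the situation the question describes: the password is removed from the script (and so from version control and from anything that can read the source), moved into a separate file that the script refuses to use unless it is owned by the running user and unreadable by group and other, and then handed to DBI with DBD::ODBC as in the question. The file path, the `key = value` format, and the FreeTDS connection string are assumptions made here for illustration. Note that this does not escape shmem's objection: the secret is still on the same box, so anyone who can run as the service account can still read it; the gain is only that fewer things (source, backups, other users) carry it.

```perl
#!/usr/bin/perl
# Added example, not from the original thread.
# Assumptions: the credentials file (default ~/.mssql_cred, overridable with the
# hypothetical DB_CRED_FILE environment variable) holds one "key = value" per line
# with keys server, database, user, password, and is mode 0600 and owned by the
# user the script runs as (for a CGI/mod_perl script, the Apache user).
use strict;
use warnings;
use Fcntl ':mode';   # S_IRWXG / S_IRWXO permission masks

# Read and validate the credentials file. Dies rather than connecting if the
# file is group/world readable or owned by someone else, so a loosened chmod
# or a copied file does not silently become the way the password leaks.
sub load_credentials {
    my ($path) = @_;
    my @st = stat($path) or die "cannot stat $path: $!";
    my $mode = $st[2] & 07777;
    die sprintf("refusing %s: mode %04o is readable by group or other", $path, $mode)
        if $mode & (S_IRWXG | S_IRWXO);
    die "refusing $path: not owned by effective uid $>" unless $st[4] == $>;

    open my $fh, '<', $path or die "cannot open $path: $!";
    my %cred;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(?:#|$)/;          # skip comments and blank lines
        my ($k, $v) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die "malformed line in $path: $line";
        $cred{$k} = $v;
    }
    close $fh;
    for my $need (qw(server database user password)) {
        die "$path: missing '$need'" unless defined $cred{$need};
    }
    return \%cred;
}

# Build the DSN from the loaded values; the password never appears in this
# file or in the DSN string, only as a separate argument to DBI->connect.
# The DRIVER/Server/Database keywords assume a FreeTDS ODBC driver entry named
# "FreeTDS" in odbcinst.ini; adjust for your driver.
sub connect_mssql {
    my ($cred) = @_;
    require DBI;
    my $dsn = "dbi:ODBC:DRIVER={FreeTDS};Server=$cred->{server};Database=$cred->{database}";
    return DBI->connect($dsn, $cred->{user}, $cred->{password},
        { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
}

# Only run when executed directly, so the subs can be reused from other code.
unless (caller) {
    my $path = $ENV{DB_CRED_FILE} // "$ENV{HOME}/.mssql_cred";
    my $cred = load_credentials($path);
    my $dbh  = connect_mssql($cred);
    my ($ver) = $dbh->selectrow_array('SELECT @@VERSION');
    print "connected: $ver\n";
    $dbh->disconnect;
}
```

Create the file with `umask 077` (or `chmod 600` immediately after writing it) and keep it outside the document root so Apache cannot serve it by accident. If the script runs under Apache, the file must be owned by the Apache user, which means every other script running as that user can read it too; that is exactly the limit shmem is pointing at, and the only way past it is a secret holder on another system that authenticates the caller by something other than a value sitting on this disk.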