Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re^2: DBI Password connection to Oracle

by waswas-fng (Curate)
on Jun 28, 2005 at 17:33 UTC ( #470727=note: print w/replies, xml ) Need Help??


in reply to Re: DBI Password connection to Oracle
in thread DBI Password connection to Oracle

I do not know that your solution meets the Not be able to log into the machine and decrypt the password as a normal user. or Not be able to get the password into a variable in perl. requirements.


-Waswas
  • Comment on Re^2: DBI Password connection to Oracle

Replies are listed 'Best First'.
Re^3: DBI Password connection to Oracle
by Transient (Hermit) on Jun 28, 2005 at 17:36 UTC
    Well, as far as the first one goes, it's impossible if the "normal user" is the same as "nobody" or whatever the CGI/Perl user is. If that user can't 'read' the password file, it's a lost cause, period.

    The second one has nothing to do with "identified externally". It should use the UNIX user id/password to validate the user (without the need to pass the actual password). This may or may not work across a network depending upon the flavor of *NIX and type of Oracle. However, remote login via ssh is available without passing a password using public/private key encryption, so I'd figure something similar would be possible here (although I'm not 100% on that).
      nobody or other service users on unix generally have password set to NP or some other special string that does not actually work as a password for the system. This in effect locks out standard auth on the user and only allows su - actions from root.

      The second one as I read it means that DBI access is out of the question -- It either means that his script cant hold the auth keys (no auth at all) or that the auth should be in a form that is not usable in perl.


      -Waswas
        Ok, so then it does satisfy "Not be able to log into the machine and decrypt the password as a normal user"... right?

        As far as the second one - not necessarily, although I will admit that I haven't actually tested such a thing myself. Externally identified means that the operating system (or third-party system) itself verifies the user validation, meaning that there must be a valid login on the database server. Also, there appears to be Oracle net support via Oracle Advanced Security. see here - there is also some information about identified globally, which allows for Active Directory verification.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://470727]
help
Chatterbox?
Discipulus loose the tozzetto party!
[shmem]: .oO( addition of cookies for addiction to cookies )
[Lady_Aleena]: Other than my typos shmem. 8)
[shmem]: otherwise fine
[Discipulus]: tozzetti & vinsanto
[Lady_Aleena]: The whole line is push @line, ref($list_addition ) ? @$list_addition : $list_addition if $list_addition;
[Lady_Aleena]: And I forgot to do the array check, I'm such a doofus today.
[Lady_Aleena]: push @line, ref($list_addition ) eq 'ARRAY' ? @$list_addition : $list_addition if $list_addition; #trying again
[shmem]: Discipulus: yummy. I like those. Didn't have them for some time now, forgot the name. Should go get some...
[shmem]: Lasy_Aleena: correct, although for clarity I'd use an if() block, not a statement modifier

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (8)
As of 2017-04-27 11:49 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I'm a fool:











    Results (504 votes). Check out past polls.