PerlMonks  

Re: best way to store login information for a perl script?

by Your Mother (Canon)
on Jul 04, 2009 at 06:11 UTC


in reply to best way to store login information for a perl script?

Synchronicity. I just wrote this idea into some code an hour ago for a stock account package. I used the idiom from mysql. A config file in the user's home. So, something like-

    use YAML ();
    my $config = YAML::LoadFile("$ENV{HOME}/.twitter.cnf");

    # Where the file in question is only readable by the user-
    cow@moo[1607]~>sl .twitter.cnf
    -rw-------  1 cow  staff  0 Jul  3 23:08 .twitter.cnf

    # And the config file looks like (YAML) this-
    ---
    username: MooseQueen
    password: twitterLuser

Then, presumably, all together-

    use Net::Twitter;
    use YAML ();

    my $config = YAML::LoadFile("$ENV{HOME}/.twitter.cnf");
    my $twit = Net::Twitter->new(
        traits => [qw/API::REST/],
        %{$config},
    );


Re^2: best way to store login information for a perl script?
by JavaFan (Canon) on Jul 04, 2009 at 12:24 UTC
    That's just pushing the problem around. If someone can get hold of a file of yours that contains Perl statements, (s)he's as likely to get hold of a file of yours that contains configuration data.
      Nonetheless, keeping authentication/login data out of program code is generally a good idea. Deciding whether to store such info in a separate (private, rw-------) data file (as opposed to requiring manual entry on every run) is a question of weighing the tradeoff between convenience vs. risk.

      If someone other than me can see the contents of a file after I've done chmod 600 on it, and can decide to do something malicious with that, it means someone with malicious intent has root access on my system. In that case, exposure of login info on a twitter account would be the least of my worries.

      I disagree. It's an improvement. The executable could be installed in /usr/local/bin or someplace or be a module in a public lib. The only more secure answer is taking a passkey or something against some encryption keys and you have to do that under either SSL or with echo off in the terminal and the whole point of a tool like this is to make it easier, not to make it a functionally identical interface to the web UI.

        You know, the OP didn't strike me as someone who was contemplating putting a script like that on a box with multiple users. Or even having the authentication to do so. He certainly wasn't asking about a general program (otherwise, he would have realized that hardcoding a single username/password for a global program isn't going to work anyway).

        My guess is that either 1) he has written a script which runs from this personal box no one else has access to (in which case it doesn't really matter where he stores the password), or 2) he has written a script while working on a shared box, and isn't root. In which case both the script and the config file are stored somewhere in or below his home directory.
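
The approach in this thread (a YAML config file in the user's home, readable only by the user via chmod 600) depends on the mode actually being 0600 when the script runs. The following is an added example, not code from any poster in the thread, that refuses to load the credentials unless the file is a regular file owned by the current user with no group/other bits set. The helper name load_private_config is hypothetical, and the temp file with its username/password values is constructed sample data standing in for ~/.twitter.cnf.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::stat;
use File::Temp qw(tempfile);
use YAML ();

# Hypothetical helper: load a credentials file only if it is a regular
# file owned by the current user with no group/other permission bits.
sub load_private_config {
    my ($path) = @_;

    # Open first, then stat the handle, so the file that was checked is
    # the same file that gets read.
    open my $fh, '<', $path or die "cannot open $path: $!\n";
    my $st = stat($fh) or die "cannot stat $path: $!\n";

    die "$path is not a regular file\n" unless S_ISREG($st->mode);
    die "$path is not owned by the current user\n" unless $st->uid == $>;
    my $perms = S_IMODE($st->mode);
    die sprintf("%s has mode %04o; run chmod 600 on it\n", $path, $perms)
        if $perms & (S_IRWXG | S_IRWXO);

    my $yaml = do { local $/; <$fh> };
    close $fh;
    return YAML::Load($yaml);
}

# Demo on a constructed temp file standing in for ~/.twitter.cnf.
my ($tmp, $file) = tempfile(UNLINK => 1);
print {$tmp} "---\nusername: example_user\npassword: example_password\n";
close $tmp;

for my $mode (0644, 0600) {
    chmod $mode, $file or die "chmod: $!\n";
    my $config = eval { load_private_config($file) };
    if ($config) {
        printf "mode %04o: loaded credentials for %s\n", $mode, $config->{username};
    }
    else {
        printf "mode %04o: refused: %s", $mode, $@;
    }
}
```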
