Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much

Re^2: best way to store login information for a perl script?

by JavaFan (Canon)
on Jul 04, 2009 at 12:24 UTC ( #777219=note: print w/replies, xml ) Need Help??

in reply to Re: best way to store login information for a perl script?
in thread best way to store login information for a perl script?

That's just pushing the problem around. If someone can get hold of a file of yours that contains Perl statement, (s)he's as likely to get hold of a file of yours that contain configuration data.
  • Comment on Re^2: best way to store login information for a perl script?

Replies are listed 'Best First'.
Re^3: best way to store login information for a perl script?
by graff (Chancellor) on Jul 04, 2009 at 15:05 UTC
    Nonetheless, keeping authentication/login data out of program code is generally a good idea. Deciding whether to store such info in a separate (private, rw-------) data file (as opposed to requiring manual entry on every run) is a question of weighing the tradeoff between convenience vs. risk.

    If someone other than me can see the contents of a file after I've done chmod 600 on it, and can decide to do something malicious with that, it means someone with malicious intent has root access on my system. In that case, exposure of login info on a twitter account would be the least of my worries.

Re^3: best way to store login information for a perl script?
by Your Mother (Chancellor) on Jul 04, 2009 at 16:00 UTC

    I disagree. It's an improvement. The executable could be installed in /usr/local/bin or someplace or be a module in a public lib. The only more secure answer is taking a passkey or something against some encryption keys and you have to do that under either SSL or with echo off in the terminal and the whole point of a tool like this is to make it easier, not to make it a functionally identical interface the web UI.

      You know, the OP didn't strike me as someone who was contemplating putting script like that on a box with multiple users. Or even having the authentication to do so. He certainly wasn't asking about a general program (otherwise, he would have realized that hardcoding a single username/password for a global program isn't going to work anyway).

      My guess is that either 1) he has written a script which runs from this personal box noone else has access to (in which, it doesn't really matter where he stores the password), or 2) he has written a script while working on a shared box, and isn't root. In which both the script, and the config file are stored somewhere in or below his homedirectory.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://777219]
[1nickt]: Corion this looks good, from the pod: "there are 9000+ variations that are detected correctly in the test files (see t/data/* for most of them). If you can think of any that I do not cover, please let me know."
[TCLion]: some moron put the date like this : Mon Feb 20 09:31:30 2017
[Corion]: 1nickt: Yes, the module sounds promising indeed
[1nickt]: "putting the date in correct order" how?
[Corion]: TCLion: Whee ;)
[TCLion]: need to put like this : 2017-02-20 09:30:53
[1nickt]: That's why I asked if you are using DateTime. It has a large number of supporting modules (the author likes the term 'eco-system') so if you are already creating a DateTime obj from your dates, this module would read in the mnoron-formatted 1s seamlessly
[TCLion]: when I put the date together it looks like : 2017-Feb-24 (month is the problem)
[1nickt]: good luck, then.
[TCLion]: looking at DateTime documentation in monastery now

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (12)
As of 2017-03-23 14:56 GMT
Find Nodes?
    Voting Booth?
    Should Pluto Get Its Planethood Back?

    Results (288 votes). Check out past polls.