Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Re^2: best way to store login information for a perl script?

by JavaFan (Canon)
on Jul 04, 2009 at 12:24 UTC ( #777219=note: print w/ replies, xml ) Need Help??


in reply to Re: best way to store login information for a perl script?
in thread best way to store login information for a perl script?

That's just pushing the problem around. If someone can get hold of a file of yours that contains Perl statement, (s)he's as likely to get hold of a file of yours that contain configuration data.


Comment on Re^2: best way to store login information for a perl script?
Re^3: best way to store login information for a perl script?
by graff (Chancellor) on Jul 04, 2009 at 15:05 UTC
    Nonetheless, keeping authentication/login data out of program code is generally a good idea. Deciding whether to store such info in a separate (private, rw-------) data file (as opposed to requiring manual entry on every run) is a question of weighing the tradeoff between convenience vs. risk.

    If someone other than me can see the contents of a file after I've done chmod 600 on it, and can decide to do something malicious with that, it means someone with malicious intent has root access on my system. In that case, exposure of login info on a twitter account would be the least of my worries.

Re^3: best way to store login information for a perl script?
by Your Mother (Canon) on Jul 04, 2009 at 16:00 UTC

    I disagree. It's an improvement. The executable could be installed in /usr/local/bin or someplace or be a module in a public lib. The only more secure answer is taking a passkey or something against some encryption keys and you have to do that under either SSL or with echo off in the terminal and the whole point of a tool like this is to make it easier, not to make it a functionally identical interface the web UI.

      You know, the OP didn't strike me as someone who was contemplating putting script like that on a box with multiple users. Or even having the authentication to do so. He certainly wasn't asking about a general program (otherwise, he would have realized that hardcoding a single username/password for a global program isn't going to work anyway).

      My guess is that either 1) he has written a script which runs from this personal box noone else has access to (in which, it doesn't really matter where he stores the password), or 2) he has written a script while working on a shared box, and isn't root. In which both the script, and the config file are stored somewhere in or below his homedirectory.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://777219]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (3)
As of 2014-07-13 15:59 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    When choosing user names for websites, I prefer to use:








    Results (250 votes), past polls