Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Re: best way to store login information for a perl script?

by stinkingpig (Sexton)
on Jul 04, 2009 at 15:56 UTC ( #777246=note: print w/ replies, xml ) Need Help??


in reply to best way to store login information for a perl script?

The Crypt::* modules are pretty easy to use; I have a project where I ask for authentication information if there's a setup command line switch, encrypt it, and write it into stored configuration. For normal runs, the stored configuration is read and decrypted. If you keep your configuration file safe and use a static machine attribute as the password (for instance Processor ID), it'll be reasonably secure and transparent to the user.

"Nothing was broken, and it's been fixed." -- Jon Carroll


Comment on Re: best way to store login information for a perl script?
Re^2: best way to store login information for a perl script?
by Anonymous Monk on Jul 04, 2009 at 16:01 UTC
    But it wouldn't be any more secure than an unencrypted datafile.
Re^2: best way to store login information for a perl script?
by afoken (Parson) on Jul 04, 2009 at 16:20 UTC

    Encrypted data with decryption code and decryption key side by side is just a little bit more anoying to read than unencrypted data, but it is not one bit more secure, even with state of the art highest grade encryption.

    If you are root on your machine, storing data in your standard unprivileged account with mode 0600 or even 0400 is sufficient most of the times. If you need to worry about your data (1), put $HOME on a strongly encrypted partition and ask for a pass phrase every time you mount that partition.

    If you are not root on the machine, and you can't trust root 200%, don't store sensitive data there. The root user can bypass all security measures, he can install keyboard loggers and can trace every system call of each program you start. Even an encrypted filesystem image, loop-mounted, is not secure with a malicious root user.

    It's sad that one still has to use simple passwords for so many services. Wherever possible, switch to certificates, especially for SSH. And by the way, client certificates are possible with SSL-encrypted HTTP (a.k.a. HTTPS), but the server must be configured for them to work. And yes, I'm aware that Twitter won't switch to high grade encryption certificates just because a few perl monks don't feel good storing plain text passwords in a script or configuration file. Not yet ... ;-)

    Alexander

    (1) E.g. because your gouvernment runs amok, because you work with sensitive data from your client(s), because you are an investigative journalist, a doctor, a priest, a lawyer, or maybe because you are just a little bit paranoid.

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://777246]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (9)
As of 2014-08-01 07:01 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (257 votes), past polls