Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation

Re: best way to store login information for a perl script?

by stinkingpig (Sexton)
on Jul 04, 2009 at 15:56 UTC ( #777246=note: print w/replies, xml ) Need Help??

in reply to best way to store login information for a perl script?

The Crypt::* modules are pretty easy to use; I have a project where I ask for authentication information if there's a setup command line switch, encrypt it, and write it into stored configuration. For normal runs, the stored configuration is read and decrypted. If you keep your configuration file safe and use a static machine attribute as the password (for instance Processor ID), it'll be reasonably secure and transparent to the user.
"Nothing was broken, and it's been fixed." -- Jon Carroll
  • Comment on Re: best way to store login information for a perl script?

Replies are listed 'Best First'.
Re^2: best way to store login information for a perl script?
by afoken (Abbot) on Jul 04, 2009 at 16:20 UTC

    Encrypted data with decryption code and decryption key side by side is just a little bit more anoying to read than unencrypted data, but it is not one bit more secure, even with state of the art highest grade encryption.

    If you are root on your machine, storing data in your standard unprivileged account with mode 0600 or even 0400 is sufficient most of the times. If you need to worry about your data (1), put $HOME on a strongly encrypted partition and ask for a pass phrase every time you mount that partition.

    If you are not root on the machine, and you can't trust root 200%, don't store sensitive data there. The root user can bypass all security measures, he can install keyboard loggers and can trace every system call of each program you start. Even an encrypted filesystem image, loop-mounted, is not secure with a malicious root user.

    It's sad that one still has to use simple passwords for so many services. Wherever possible, switch to certificates, especially for SSH. And by the way, client certificates are possible with SSL-encrypted HTTP (a.k.a. HTTPS), but the server must be configured for them to work. And yes, I'm aware that Twitter won't switch to high grade encryption certificates just because a few perl monks don't feel good storing plain text passwords in a script or configuration file. Not yet ... ;-)


    (1) E.g. because your gouvernment runs amok, because you work with sensitive data from your client(s), because you are an investigative journalist, a doctor, a priest, a lawyer, or maybe because you are just a little bit paranoid.

    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
Re^2: best way to store login information for a perl script?
by Anonymous Monk on Jul 04, 2009 at 16:01 UTC
    But it wouldn't be any more secure than an unencrypted datafile.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://777246]
[Corion]: Eily: Wheee ;)
[Eily]: I'll add that to my résumé
Discipulus what's SioB?
[Eily]: Saints in our Book
[Discipulus]: ..mmhh: no warnings; does not affect carp.. how to suppress carp's output in tests?

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (6)
As of 2018-01-22 11:14 GMT
Find Nodes?
    Voting Booth?
    How did you see in the new year?

    Results (233 votes). Check out past polls.