PerlMonks  

Re: Perl Setuid - Oracle Password Hardcoding

by JavaFan (Canon)
on Nov 16, 2011 at 07:25 UTC (#938326)


in reply to Perl Setuid - Oracle Password Hardcoding

sudo was developed more than 3 decades ago to solve problems like that.

Learn it. Use it.

And for more information about your non-Perl question, try a Unix forum.


Re^2: Perl Setuid - Oracle Password Hardcoding
by zekeb (Initiate) on Nov 17, 2011 at 00:15 UTC
    It sounds like the DBAs don't want the developer to know the password to Oracle. If they run the script with sudo or setuid or whatever, what would prevent them from just having the code print out the password that was read from the file?
      Considering that the OP is talking about an application server, it looks to me this is a standard production security policy, not something to pester developers with. It's not a measure to defend against internal attacks*, but to prevent escalation after an intrusion. Of course, the script should be non-modifiable.

      *Although with some effort, it can help to protect against insiders wearing a black hat.

      True. However, we will not have access to the scripts on the production servers. They are rolled out using SVN.

Re^2: Perl Setuid - Oracle Password Hardcoding
by afoken (Parson) on Nov 19, 2011 at 08:44 UTC

    Two hints:

    1. Given sufficient permissions in /etc/sudoers, the command /usr/bin/sudo -u foo /usr/bin/cat /home/foo/bar.txt runs cat as user foo and writes the contents of /home/foo/bar.txt to STDOUT.
    2. In Perl, $text=`/usr/games/fortune -a`; runs /usr/games/fortune -a and collects all text written to STDOUT in $text. See Safe Pipe Opens for a more robust variant.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
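
Added example, not part of afoken's post: the two hints combined using the list-form pipe open that Safe Pipe Opens describes, so no shell parses the command and a failed sudo call is detected. The sub name `read_from_command`, the account `appuser` and the sudoers rule in the comments are assumptions; the paths are the ones from the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Run a command without a shell and return its STDOUT; die on any failure.
# List-form open ('-|', @cmd) hands the arguments straight to exec, so
# nothing in @cmd is interpreted by /bin/sh (unlike backticks).
sub read_from_command {
    my @cmd = @_;
    local %ENV = (PATH => '/usr/bin:/bin');   # minimal, known environment for the child
    open(my $fh, '-|', @cmd) or die "cannot run $cmd[0]: $!\n";
    my $out = do { local $/; <$fh> };         # slurp everything the child wrote
    # close() on a pipe waits for the child and sets $? to its exit status
    unless (close $fh) {
        die $! ? "error closing pipe from $cmd[0]: $!\n"
               : "$cmd[0] exited with status " . ($? >> 8) . "\n";
    }
    die "$cmd[0] produced no output\n" unless defined $out && length $out;
    chomp $out;
    return $out;
}

# Production form of the two hints. Assumed sudoers rule (appuser is hypothetical):
#   appuser ALL=(foo) NOPASSWD: /usr/bin/cat /home/foo/bar.txt
# -n makes sudo fail instead of prompting when that rule is missing:
#   my $password = read_from_command('/usr/bin/sudo', '-n', '-u', 'foo',
#                                    '/usr/bin/cat', '/home/foo/bar.txt');

# Constructed stand-in so the script runs without any sudoers setup.
my $password = read_from_command($^X, '-e', 'print "constructed-secret\n"');
print "read ", length($password), " characters\n";   # never log the value itself
```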