
Re^2: Perl Setuid - Oracle Password Hardcoding

by zekeb (Initiate)
on Nov 17, 2011 at 00:15 UTC (#938492)


in reply to Re: Perl Setuid - Oracle Password Hardcoding
in thread Perl Setuid - Oracle Password Hardcoding

It sounds like the DBAs don't want the developer to know the password to Oracle. If they run the script with sudo or setuid or whatever, what would prevent them from just having the code print out the password that was read from the file?


Re^3: Perl Setuid - Oracle Password Hardcoding
by JavaFan (Canon) on Nov 17, 2011 at 00:41 UTC
    Considering that the OP is talking about an application server, it looks to me like this is a standard production security policy, not something to pester developers with. It's not a measure to defend against internal attacks*, but to prevent escalation after an intrusion. Of course, the script should be non-modifiable.

    *Although with some effort, it can help to protect against insiders wearing a black hat.

Re^3: Perl Setuid - Oracle Password Hardcoding
by hmadhi (Acolyte) on Nov 17, 2011 at 16:24 UTC

    True. However, we will not have access to the scripts on the production servers. They are rolled out using SVN.
