
How to Encrypt Authentication and Data to DB?

by jimw54321 (Acolyte)
on Jan 27, 2015 at 21:25 UTC

jimw54321 has asked for the wisdom of the Perl Monks concerning the following question:

Greetings,

Really need ideas and feedback for my thinking below.

I have a problem where various people around me insist that Perl must be able to take an encrypted username and password and authenticate encrypted to our database.

Currently I have DBI/DBD::Oracle installed on Solaris boxes talking with Oracle 11g on Red Hat both of which are inside our firewall.

I am considering proposing I put our files containing database usernames and passwords in directories and files only accessible by the owner (500 for directories and 400 for files to prevent accidental modification).

I have been maintaining that the Perl process will read the files (encrypted or not) and generate username and password in memory in unencrypted form. Furthermore the unencrypted username and password are sent across our network in the clear.

Bottom line: is anyone aware of a way to use some form of encrypted authentication? Data encryption would be an awesome bonus. Does this require modules from CPAN other than DBI/DBD::Oracle?

Much thanks for the help,

Jim
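
The file-permission proposal in the question above, sketched in Perl as an added example that is not part of the original post: the loader refuses a credentials file unless it and its directory are owned by the running user with no group/other bits set (which the proposed 400 and 500 modes satisfy). The file name `db.cred`, the `key=value` format and the function names are assumptions made for illustration.

```perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Basename qw(dirname);
use File::Temp qw(tempdir);

# Return undef if $path is acceptable, otherwise the reason it is not.
sub perm_problem {
    my ($path, $want_dir) = @_;
    my @st = lstat($path) or return "cannot stat $path: $!";
    my $mode = $st[2];
    return "$path is a symlink"                    if S_ISLNK($mode);
    return "$path is not a directory"              if  $want_dir && !S_ISDIR($mode);
    return "$path is not a regular file"           if !$want_dir && !S_ISREG($mode);
    return "$path is not owned by the running user" if $st[4] != $>;
    return sprintf("%s has mode %04o, group/other bits must be clear", $path, S_IMODE($mode))
        if S_IMODE($mode) & 0077;
    return;
}

# Parse "key=value" lines (assumed format) after checking directory and file.
sub load_credentials {
    my ($path) = @_;
    for my $check ([dirname($path), 1], [$path, 0]) {
        my $why = perm_problem(@$check);
        die "refusing credentials: $why\n" if defined $why;
    }
    open(my $fh, '<', $path) or die "open $path: $!\n";
    my %cred;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#|$)/;          # skip comments and blank lines
        $cred{$1} = $2 if $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/;
    }
    close $fh;
    defined $cred{$_} or die "missing '$_' in $path\n" for qw(username password);
    return \%cred;
}

# Constructed demo: a 0500 directory holding a 0400 file, then a loosened file.
my $dir  = tempdir(CLEANUP => 1);
my $file = "$dir/db.cred";
open(my $out, '>', $file) or die "create $file: $!\n";
print {$out} "username=app_user\npassword=constructed-sample\n";
close $out;
chmod 0400, $file; chmod 0500, $dir;
print "strict perms: loaded user '", load_credentials($file)->{username}, "'\n";
chmod 0440, $file;
print "loosened perms: ", (eval { load_credentials($file); 1 } ? "loaded" : $@);
chmod 0700, $dir;    # restore write access so File::Temp can clean up
```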


Replies are listed 'Best First'.
Re: How to Encrypt Authentication and Data to DB?
by nikosv (Deacon) on Jan 28, 2015 at 22:03 UTC
    Oracle supports network level encryption, which means all your data and passwords can be transferred over SSL.

    You don't have to encrypt and decrypt credentials yourself.

    Check https://kb.berkeley.edu/page.php?id=23274

Re: How to Encrypt Authentication and Data to DB?
by sundialsvc4 (Abbot) on Jan 27, 2015 at 23:07 UTC

    First of all, seriously consider using LDAP (a.k.a. Microsoft OpenDirectory) instead.   This is probably the most widely used strategy for centralized management of authentication and authorization throughout an enterprise, and its use generally requires the construction of no software at all.   There are plenty of administrative consoles out there which a security department can easily use to manage this information across all systems, and there is nothing to invent nor particularly to write.

    Secondly, it is most common to store one-way-hashed values (SHA1 is recommended today over MD5) in any database store.   These functions produce a “digital signature” which is extremely sensitive to changes but which cannot be reversed.   Hashed values, not plaintext, are the only thing sent across the wire (which should nonetheless be an encrypted, e.g. VPN, connection).

      (SHA1 is recommended today over MD5)

      Use Crypt::Eksblowfish::Bcrypt if you're doing any sort of encryption like this.

      I mean, MD5 shouldn't even be mentioned in encryption context.

      Three thousand years of beautiful tradition, from Moses to Sandy Koufax, you're god damn right I'm living in the fucking past
