Do you know where your variables are? | |
PerlMonks |
Re: How to hide the user id and password inside the perl script?by sundialsvc4 (Abbot) |
on Jul 21, 2015 at 11:44 UTC ( [id://1135577]=note: print w/replies, xml ) | Need Help?? |
Let me very-strongly echo the sentiment ... that under n-o circumstances should you ever have a password in a script. That you should use o-n-l-y digital certificates (“password-free”) and that, furthermore, you should exclude passwords as an available means of authentication. (Perversely, ssh will accept the least-secure option that is made available to it, so it must be told to exclude passwords as an option.) Even though a password is not required for a holder of the certificate to make the connection, the connection (if secured by a uniquely-issued certificate) is much, much stronger. You can’t “fake” not having one of the right keys, and the script does not have to, itself, “present” the key that is to be used. Finally, in most large organizations, ssh certificates are or can be controlled using LDAP (OpenDirectory), along with everything else, thus allowing for central management of keys (on both sides) across all servers. “Grabbing a live password from a script or job-file” is one of the most common exploits that there is.
In Section
Seekers of Perl Wisdom
|
|