Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re^2: DBI Password connection to Oracle

by waswas-fng (Curate)
on Jun 28, 2005 at 17:33 UTC ( #470727=note: print w/ replies, xml ) Need Help??


in reply to Re: DBI Password connection to Oracle
in thread DBI Password connection to Oracle

I do not know that your solution meets the Not be able to log into the machine and decrypt the password as a normal user. or Not be able to get the password into a variable in perl. requirements.



-Waswas


Comment on Re^2: DBI Password connection to Oracle
Re^3: DBI Password connection to Oracle
by Transient (Hermit) on Jun 28, 2005 at 17:36 UTC
    Well, as far as the first one goes, it's impossible if the "normal user" is the same as "nobody" or whatever the CGI/Perl user is. If that user can't 'read' the password file, it's a lost cause, period.

    The second one has nothing to do with "identified externally". It should use the UNIX user id/password to validate the user (without the need to pass the actual password). This may or may not work across a network depending upon the flavor of *NIX and type of Oracle. However, remote login via ssh is available without passing a password using public/private key encryption, so I'd figure something similar would be possible here (although I'm not 100% on that).
      nobody or other service users on unix generally have password set to NP or some other special string that does not actually work as a password for the system. This in effect locks out standard auth on the user and only allows su - actions from root.

      The second one as I read it means that DBI access is out of the question -- It either means that his script cant hold the auth keys (no auth at all) or that the auth should be in a form that is not usable in perl.


      -Waswas
        Ok, so then it does satisfy "Not be able to log into the machine and decrypt the password as a normal user"... right?

        As far as the second one - not necessarily, although I will admit that I haven't actually tested such a thing myself. Externally identified means that the operating system (or third-party system) itself verifies the user validation, meaning that there must be a valid login on the database server. Also, there appears to be Oracle net support via Oracle Advanced Security. see here - there is also some information about identified globally, which allows for Active Directory verification.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://470727]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (6)
As of 2014-10-24 21:40 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (137 votes), past polls