Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

DBD::Oracle Connecting to a database without hard coding username/password

by hmadhi (Acolyte)
on Oct 10, 2011 at 20:06 UTC ( #930701=perlquestion: print w/ replies, xml ) Need Help??
hmadhi has asked for the wisdom of the Perl Monks concerning the following question:

I need to connect to an Oracle Database, but I am not allowed to hard code the username/password into my perl script. This is for security reasons. What are my alternatives?

Comment on DBD::Oracle Connecting to a database without hard coding username/password
Re: DBD::Oracle Connecting to a database without hard coding username/password
by roboticus (Canon) on Oct 11, 2011 at 00:34 UTC

    hmadhi:

    There are multiple ways to do it. You could prompt the user for the information, store it in the registry (if it's windows), store it elsewhere, ...

    However, if you want to pass security audits in your company, you ought to find out what everyone else is doing, and do it the same way (if possible). That way you won't have a username/password sitting out there in a non-standard location ready to bite some poor maintenance programmer at some future time.

    ...roboticus

    When your only tool is a hammer, all problems look like your thumb.

Re: DBD::Oracle Connecting to a database without hard coding username/password
by BrowserUk (Pope) on Oct 11, 2011 at 00:54 UTC
    What are my alternatives?

    Arguably the best method of DB authentication is to instruct the DBM to use the OS to authenticate users.

    See here for Oracle.

    If the script(s) in question are to be used by a large number of users, then combining OS authentication with controlling visibility of te scripts through file system ACLs is a convenient mechanism. You place the scripts on shared media owned by a particular group and then give authorised users membership of that group.

    The exact steps required will depend upon your DB and OS. The best place to look is the relevant documentation.


    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.
Re: DBD::Oracle Connecting to a database without hard coding username/password
by Anonymous Monk on Oct 11, 2011 at 01:04 UTC

    Hi,

    Ask your security people, they will tell you the acceptable ways to do it.

    J.C.

      What if your security people aren't sure either? I think if you have practices in place at your company how to do it, that's great, but there are definite cases, including new systems, where there is no standard. -theleftsock

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://930701]
Approved by planetscape
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (5)
As of 2014-08-01 02:29 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (256 votes), past polls