Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

comment on
( [id://3333]=superdoc: print w/replies, xml ) Need Help??

Hmm. If you can not trust the local machine, then you are in trouble. It really does not matter how you secure the data - at some point you are holding an unsecured token which enables access to that secured data. What happens if someone gains access to your agent?

So - for me the actual question is not on how to secure the token, but on how to prevent mis-use if the token gets stolen. Maybe it's advisable to implement an intermediate client/server and handle the information exchange via there - limit the visible/modifyable data to the absolute required minimum and don't expose anything else. That still doesn't solve much if the actual transferred data is 'dangerous' (e.g. password hashes), but it's a first step to prevent data leakage.

Split up your tools into a client component and a server component? The (local) client just provides the interface to query/modify some data, the server checks the requests for validity / sanity and does the actual interaction with your database / LDAP. It also may apply restrictions on who is able to see what data. Users may even need to authenticate against the client with the server checking the credentials. Please do not distribute the usernames/password with each client. (And yes, someone has done this. Honeywell / Saia-Burgess got some embarassing press coverage for performing user/password authentication in a local Java-Applet for their heating plants.)

In reply to Re: using ssh-agent from a perl script by Monk::Thomas
in thread using ssh-agent from a perl script by Skeeve

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":


  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others romping around the Monastery: (7)
As of 2024-04-23 10:29 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found