Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

Re: How can a script use a password without making the password visible?

by hippo (Canon)
on Mar 01, 2017 at 11:21 UTC ( #1183262=note: print w/replies, xml ) Need Help??


in reply to How can a script use a password without making the password visible?

  • Environment variables
  • Per-user config files
  • Command-line switches
  • Prompt the user at run-time (ie. STDIN)

Take your pick but bear in mind that most of these have security concerns depending on who has access to what.

Also be aware that any coder working on a script can have it output any data from the script in any form (save to a file, email it, FTP it, whatever) so you have to trust the coder at some level.

Addendum: Also consider the related FAQ

  • Comment on Re: How can a script use a password without making the password visible?

Replies are listed 'Best First'.
Re^2: How can a script use a password without making the password visible?
by afoken (Abbot) on Mar 01, 2017 at 15:26 UTC
    Environment variables

    Insecure. See Re^2: exec, echo and pipe and below.

    Per-user config files

    With chmod 0600, ok if you can trust root and the filesystem containing the configuration file is not exposed to other machines (e.g. via NFS or Samba). Insecure if running on a shared hosting webserver, where all code runs using the same user account.

    Command-line switches

    Insecure. See Re^2: exec, echo and pipe and below.

    Prompt the user at run-time (ie. STDIN)

    Won't work in a web environment.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
      ok if you can trust root

      If you can't trust root then I'd suggest that you have bigger problems than just protecting your config files.

        If you can't trust root then I'd suggest that you have bigger problems than just protecting your config files.

        As I understand it, the SELinux modules can prevent even root from accessing certain files. Of course, then you have to trust your security admin.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1183262]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (4)
As of 2019-04-24 08:35 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I am most likely to install a new module from CPAN if:
















    Results (121 votes). Check out past polls.

    Notices?