Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Re: How can a script use a password without making the password visible?

by bart (Canon)
on Mar 01, 2017 at 18:04 UTC ( #1183309=note: print w/replies, xml ) Need Help??


in reply to How can a script use a password without making the password visible?

A coder with access to the script can do anything with the password, including printing it to the console. They can read the entire database too, or wipe tables. So, if you cannot trust your coders, you have a huge problem.

If your real fear is that outsiders accidentally get read access to the code, and can see the password, then I would recommend restricting access using the password to localhost — or for an IP address on your local network. MySQL (and, thus, MariaDB) allow you to define a login (user/password combination) that doesn't work remotely, and I'm quite sure PostGres does too.

In fact, I often use no password for a restricted user, in applications on a website. You cannot login without password in PHPMyAdmin, and other similar database CRUD tools (which actually work on localhost/intranet). So, having no password actually protects you from such hackers.

  • Comment on Re: How can a script use a password without making the password visible?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1183309]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (3)
As of 2019-04-23 07:52 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I am most likely to install a new module from CPAN if:
















    Results (115 votes). Check out past polls.

    Notices?