Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

DBI and plain text passwords

by young perlhopper (Scribe)
on Aug 01, 2000 at 01:44 UTC ( #25351=perlquestion: print w/replies, xml ) Need Help??

young perlhopper has asked for the wisdom of the Perl Monks concerning the following question:

Does anybody know of any good mechanisms to avoid having plain text passwords in one's DBI code? Prompting for a password is not an option, as my code has to be able to run autonomously.

One solution I thought of was writing a daemon (or using a pre-existing one if this wheel's already been invented) to listen on a port, perform some type of authentication against incoming connections (presumably involving a non-worldreadable key or password file), and then make itself into a bridge between the remote host and the MySQL server. In this instance, mysql would only allow connections from the localhost, so one would be required to go through this proxy daemon. Please note that I haven't thought about the details involved in this scheme, or even decided if it is secure or possible.

I'm sure other people have run into this problem, how have they dealt with it? My main goal here is that i don't want to have plain text passwords in my code *or* going across my network.

Thanks!
Mark

Replies are listed 'Best First'.
Re: DBI and plain text passwords
by lhoward (Vicar) on Aug 01, 2000 at 01:49 UTC
    It has alredy been written (at least mostly). See DBI::Proxy.
Re: DBI and plain text passwords
by infinityandbeyond (Sexton) on Aug 01, 2000 at 02:13 UTC
    MySQL accepts internal SSL connections.

    Check out the latest MySQL documentation (chapter 6, I belive) for more details on how to secure your databases.
    MySQL Documentation

    - Infinityandbeyond
Re: DBI and plain text passwords
by tiny (Beadle) on Aug 01, 2000 at 06:52 UTC
    At work we use a module that reads a tucked-away file containing a list of Oracle instances and their corresponding login and password info, like so:
    db1/user1/pass1
    db2/user2/pass2
    ...

    Any script that needs database access simply calls:
    my $dbh = DBModule->new('db1');
    and the module handles the password stuff. This way even the programmers don't have to know the password (I'd hate working in a place like that though!). Our module also optionally accepts the login and password if specified.

    Now as for plain text passwords going across the network.. the previous 2 replies seem to have some good answers to that problem.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://25351]
Approved by root
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (3)
As of 2022-08-09 04:40 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?