
Re: best way to store login information for a perl script?

by Your Mother (Bishop)
on Jul 04, 2009 at 06:11 UTC

in reply to best way to store login information for a perl script?

Synchronicity. I just wrote this idea into some code an hour ago for a stock account package. I used the idiom from mysql. A config file in the user's home. So, something like-

    use YAML ();
    my $config = YAML::LoadFile("$ENV{HOME}/.twitter.cnf");

    # Where the file in question is only readable by the user-
    cow@moo[1607]~>sl .twitter.cnf
    -rw------- 1 cow staff 0 Jul 3 23:08 .twitter.cnf

    # And the config file looks like (YAML) this-
    ---
    username: MooseQueen
    password: twitterLuser

Then, presumably, all together-

    use Net::Twitter;
    use YAML ();

    my $config = YAML::LoadFile("$ENV{HOME}/.twitter.cnf");
    my $twit = Net::Twitter->new(
        traits => [qw/API::REST/],
        %{$config},
    );

Re^2: best way to store login information for a perl script?
by JavaFan (Canon) on Jul 04, 2009 at 12:24 UTC
    That's just pushing the problem around. If someone can get hold of a file of yours that contains Perl statements, (s)he's as likely to get hold of a file of yours that contains configuration data.
      Nonetheless, keeping authentication/login data out of program code is generally a good idea. Deciding whether to store such info in a separate (private, rw-------) data file (as opposed to requiring manual entry on every run) is a question of weighing the tradeoff between convenience vs. risk.

      If someone other than me can see the contents of a file after I've done chmod 600 on it, and can decide to do something malicious with that, it means someone with malicious intent has root access on my system. In that case, exposure of login info on a twitter account would be the least of my worries.

      I disagree. It's an improvement. The executable could be installed in /usr/local/bin or someplace or be a module in a public lib. The only more secure answer is taking a passkey or something against some encryption keys and you have to do that under either SSL or with echo off in the terminal and the whole point of a tool like this is to make it easier, not to make it a functionally identical interface to the web UI.

        You know, the OP didn't strike me as someone who was contemplating putting a script like that on a box with multiple users. Or even having the authentication to do so. He certainly wasn't asking about a general program (otherwise, he would have realized that hardcoding a single username/password for a global program isn't going to work anyway).

        My guess is that either 1) he has written a script which runs from this personal box no one else has access to (in which case, it doesn't really matter where he stores the password), or 2) he has written a script while working on a shared box, and isn't root. In which case both the script and the config file are stored somewhere in or below his home directory.
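
The thread relies on the config file being readable only by its owner (the chmod 600 point above); one way to enforce that in code before the credentials are parsed is sketched here. This is an added example, not part of any post in the thread: `load_private_config` is a hypothetical helper, the sample file is constructed, and a POSIX system with the YAML module installed is assumed.

```perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempdir);
use YAML ();

# Hypothetical helper (not from the thread): load a credentials file only if
# it is a plain file owned by the current user with no group/other access.
sub load_private_config {
    my ($path) = @_;

    # Open first, then stat the handle, so the checks and the read apply
    # to the same file even if the path is swapped in between.
    open my $fh, '<', $path or die "Cannot open $path: $!\n";
    my @st = stat $fh or die "Cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];

    die "$path is not a regular file\n" unless S_ISREG($mode);
    die "$path is not owned by the current user\n" unless $uid == $>;
    die sprintf("%s has mode %04o; run chmod 600 on it\n", $path, S_IMODE($mode))
        if S_IMODE($mode) & (S_IRWXG | S_IRWXO);

    my $yaml = do { local $/; <$fh> };
    my ($config) = YAML::Load($yaml);
    return $config;
}

# Constructed sample: a throwaway directory stands in for $ENV{HOME}.
my $dir  = tempdir(CLEANUP => 1);
my $file = "$dir/.twitter.cnf";
open my $out, '>', $file or die "Cannot write $file: $!\n";
print {$out} "---\nusername: MooseQueen\npassword: twitterLuser\n";
close $out;

chmod 0600, $file;
my $config = load_private_config($file);
print "0600: loaded credentials for $config->{username}\n";

chmod 0644, $file;    # simulate a file left readable by group and others
my $ok = eval { load_private_config($file); 1 };
print "0644: refused: $@" unless $ok;
```

The returned hash can be passed to `Net::Twitter->new` exactly as in the original post.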
