Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

Re^2: mod_perl2 interactive startup

by amino (Initiate)
on Aug 18, 2009 at 01:46 UTC ( #789323=note: print w/replies, xml ) Need Help??


in reply to Re: mod_perl2 interactive startup
in thread mod_perl2 interactive startup

> Why don't you just check to see if the variable where you put the password has been filled in yet, and skip the terminal if you already have it?

Because the mod_perl app restarts completely, so at least in the perl (as far as I know), no variables or structures persist.
Is it possible to store stuff in the apache object?

>Incidentally, it's not really more secure to enter the password this way than to just keep it in a file that only the web server startup user can read.

I disagree. If the startup user account gets compromised its very easy to read a file and get a password. I believe the bar is a lot higher to extract data from a running program.
How would you go about retrieving a password from a running program?

Replies are listed 'Best First'.
Re^3: mod_perl2 interactive startup
by perrin (Chancellor) on Aug 18, 2009 at 13:36 UTC
    The perl interpreter is not reset. If you put something in a global, it will still be there during the restart.
      How do you do that?

      I tried saving data in a global in the startup.pl and in a package global but when the restart happens they are uninitialized.

      My tests and this line, "During the restart, Perl is completely destroyed and started again." from here leave me at a loss to how to do that.
        I thought it worked to use $My::Variable, but maybe I'm remembering it wrong.
Re^3: mod_perl2 interactive startup
by Anonymous Monk on Aug 18, 2009 at 05:38 UTC
      It is just as trivial. Cleartext Passwords in Linux Memory

      "...that data from memory can be recovered with physical access to systems in a very short period of time." from the abstract of the paper that appears in the first few search results.

      That leads me to believe it is not as trivial b/c an intruder needs physical access.

        That leads me to believe it is not as trivial b/c an intruder needs physical access.

        It doesn't say that.

        Quickly overwriting passwords in memory would minimize the risk of capture via physical access, cold boot techniques, swap space forensics or simple, live, privileged memory captures.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://789323]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (4)
As of 2019-12-06 20:42 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Strict and warnings: which comes first?



    Results (159 votes). Check out past polls.

    Notices?