Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??

Decrypting may be impossible, but you don't have to decrypt it -- you just have to find something that creates the same string when encrypted using the same routines through brute force.

Computer security is a bit of a misnomer -- it's never secure in an absolute sense, it just has an acceptable risk, normally by using mechanisms that will attempt to reduce a person's chance of managing to gain access without permission before the information loses its value down to an acceptable level.

But now, we get to the real question -- why is the password in the file? All of these suggestions to store the password using a one way encryption are great, if the script is authenticating a user giving the password. If the script is a client, and needs the password to connect to another service, those suggestions aren't useful.

The original poster might be interested in the thread Quest: a bulletproof-secure, automated scraper, which had a few suggestions on better protecting a password, but they all just slow down someone trying to get the password, and they're not likely to have a whole lot of help on a system where you don't trust people with root access, who could just change the code to write the unencypted/unobfuscated password before it makes use of it.


In reply to Re^3: Protecting passwords in source by jhourcle
in thread Protecting passwords in source by celliott

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Domain Nodelet?
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this?Last hourOther CB clients
    Other Users?
    Others browsing the Monastery: (6)
    As of 2024-09-13 18:38 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?
      The PerlMonks site front end has:





      Results (21 votes). Check out past polls.

      Notices?
      erzuuli‥ 🛈The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.