http://qs1969.pair.com?node_id=493087


in reply to Re: Encrypting User/Pass sent by WWW::Mechanize
in thread Encrypting User/Pass sent by WWW::Mechanize

Does it count if the webpage I am logging onto is https? I am guessing not, but thought I should ask just to make sure.

If not, How hard would it be for me to set it up?

(A) It would be very hard.
(B) It would be pretty hard, but go here for help.
(C) It's so easy, let me show you how.

Replies are listed 'Best First'.
Re^3: Encrypting User/Pass sent by WWW::Mechanize
by puploki (Hermit) on Sep 19, 2005 at 11:01 UTC

    I suppose there are two aspects to keeping this username and password combination secure:

    • Firstly, the local storage of the script and the username and password it contains.
    • Second, the transmission of these details across the wider internet.

    For the first item, I'd say it would be difficult to securely store the password in the script. Even if you were to use some sort of encryption (and I'm no expert on this) then by virtue of running the script it would have to automatically decrypt the password for use. Therefore you'd need to have some other password or code phrase to restrict access to it, and then you might as well not store your original password in the script and just type it in every time.

    The alternative option is that you store the script + plain text username and password on one of those USB flash memory sticks that do encryption. They either force you to enter a password or some biometric data (fingerprint) and then they appear as a regular drive on your system. You can then just run the script from the removable flash drive.

    Getting back to Perl for the second point, you'd need to ensure that the web site you're talking to uses HTTPS (they really should do) and then just use the secure URL with WWW::Mechanize and you'll know that the details are encrypted across the internet.

    You will need the Crypt::SSLeay and relevant libraries (OpenSSL or the DLLs for Windows - the latter are installed if you use PPM to get Crypt::SSLeay) to use WWW::Mechanize with SSL sites though.