Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot

Re: Re: Re: Obscuring sensitive data in Perl code?

by Anonymous Monk
on Mar 10, 2001 at 03:20 UTC ( [id://63396]=note: print w/replies, xml ) Need Help??

in reply to Re: Re: Obscuring sensitive data in Perl code?
in thread Obscuring sensitive data in Perl code?

To spell it out more explicitly...

Make your program setgid and make it owned by a new group such as "wwwpass". Hide your database username/password combo in a separate file which can only be read by the group "wwwpass".

Now only your program can read the file. Before it does, have your program authenticate the user somehow. If this authentication fails, just terminate the program. If it passes, go ahead and read the sensitive data from that external file.

This way, even if a user finds out where the sensitive data is hidden, he can't read it unless he uses your program and passes your authentication test.

You can use setuid instead of setgid if you must, but I personally feel safer using setgid and using a new group name which is dedicated to this task alone.

The only drawback to all of this is that you must now ensure that your program will pass "taint" checks. But is that really a drawback?


  • Comment on Re: Re: Re: Obscuring sensitive data in Perl code?

Replies are listed 'Best First'.
Re: Re: Re: Re: Obscuring sensitive data in Perl code?
by larryl (Monk) on Mar 10, 2001 at 23:12 UTC

    Excellent scheme, thanks! Sorry I overlooked it in the first round of replies! I think a combination of this method and DBIx::Password used in the appropriate spots will work very well.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://63396]
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others studying the Monastery: (2)
As of 2024-04-17 03:39 GMT
Find Nodes?
    Voting Booth?

    No recent polls found