PerlMonks  

Re: Authen::Passphrase::BlowfishCrypt - Create user.

by oko1 (Deacon)
on Feb 13, 2012 at 04:15 UTC ( [id://953395]=note )


in reply to Authen::Passphrase::BlowfishCrypt - Create user.

Ahh, conceptual questions. A great way to learn something, assuming you have the patience for it. :) My favorite approach, anyway.

From that angle - are you sure that you want to use Blowfish to do this? Frankly, you're not going to get any more security out of it than the basic 'crypt' method gives you - and using a non-standard method for it might give you some headaches down the road, especially if you have to do anything with other people's code related to dealing with passwords.

Next, separate the DB call out of this routine. Consider the situation where you want to add 200 users all at once: do you _really_ want to open and close the DB 200 times? Or would it make more sense to loop 'add_user' and return a statement for each one, then open the DB, fire off all the queries, and close it? Although maybe 'build_user' would be a more appropriate name for the sub at that point. :)

Avoid "magic values". Specifically, don't set that hard value for the email address in there. Long after that sub has become lost in the 10k lines of code around it, and long after you've forgotten what you wrote, you'll be scratching your head and trying to figure out where in *heck* that value came from. Instead, make it another argument that's passed to your sub:

    sub add_user {
        my ($username, $password, $email) = @_;
        ...
    }

Just some stuff to consider. Others may have more ideas.

-- 
I hate storms, but calms undermine my spirits.
 -- Bernard Moitessier, "The Long Way"
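
The refactor suggested in the post above, as an added example that is not part of the original thread: `build_user` only hashes the password and returns a row, with the email passed in as an argument, and `insert_users` writes every row over one connection. The `users` table and its columns, the in-memory SQLite database (needs DBD::SQLite), the cost of 10 and the sample accounts are assumptions made for the illustration.

```perl
use strict;
use warnings;
use DBI;
use Authen::Passphrase::BlowfishCrypt;

# Hash one password and return the bind values for a row. No database
# access happens here, and the email is an argument rather than a constant.
sub build_user {
    my ($username, $password, $email) = @_;
    defined($_) && length($_) or die "missing field\n" for $username, $password, $email;
    my $ppr = Authen::Passphrase::BlowfishCrypt->new(
        cost        => 10,   # assumed work factor: 2**10 key-setup rounds
        salt_random => 1,    # fresh random salt for every user
        passphrase  => $password,
    );
    return [ $username, $ppr->as_crypt, $email ];   # hash starts with "$2a$10$"
}

# Insert every prepared row over one connection, inside one transaction.
sub insert_users {
    my ($dbh, @rows) = @_;
    my $sth = $dbh->prepare(
        'INSERT INTO users (username, password_hash, email) VALUES (?, ?, ?)');
    $dbh->begin_work;
    eval { $sth->execute(@$_) for @rows; $dbh->commit; 1 } or do {
        my $err = $@ || 'unknown error';
        $dbh->rollback;   # a failed row leaves no partial batch behind
        die "batch insert failed, nothing stored: $err";
    };
    return scalar @rows;
}

# Constructed sample data; in-memory SQLite stands in for the real database.
my @new_users = (
    [ 'alice', 'correct horse battery staple', 'alice@example.com' ],
    [ 'bob',   'another constructed secret',   'bob@example.com'   ],
);
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, email TEXT)');
my @rows = map { build_user(@$_) } @new_users;
printf "stored %d users\n", insert_users($dbh, @rows);

# Check a login attempt against the stored hash.
my ($hash) = $dbh->selectrow_array(
    'SELECT password_hash FROM users WHERE username = ?', undef, 'alice');
print "alice login ok\n"
    if Authen::Passphrase::BlowfishCrypt->from_crypt($hash)->match('correct horse battery staple');
$dbh->disconnect;
```

Because the cost is stored inside each hash, rows written with different cost values can sit side by side and still verify.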

Replies are listed 'Best First'.
Re^2: Authen::Passphrase::BlowfishCrypt - Create user.
by Anonymous Monk on Feb 13, 2012 at 14:07 UTC

    Thanks for the reply. I see your point about the database connections - thanks for the suggestion, it makes better sense!

    The only reason I chose bcrypt was for the longer key setup and I was hoping that would slow down and/or affect any attempt at a brute force attack.
    Do you think this isn't worth it?
