The application in question is written partly in Perl, but my apologies if this question isn't particularly Perl related.

One task of our free (beer/source) database application is to check kids in and out of a building quickly by swiping bar-coded badges. Member and check in/out data will be cached locally and SELECTed/INSERTed from a remote database server.

Our problems are balancing ease of use and security and deciding what we want to keep secure.

Some factors:

We will connect to the database as a user with very limited powers. The user will be able to SELECT member & ID data from a single view and INSERT in/out/timestamp data into a single table. The consequences of a total break in security are relatively minor.

Our check in/out component will be running on a task station dedicated exclusively to checking people in and out of the building. We'll restrict the task station to running our application, shutting down the computer and changing the workstation password.

At least a dozen teenagers will be using the workstation to check a couple hundred other teens in and out of the building. The password to the workstation will probably be distributed relatively widely.

The IP number of the NAT gateway the task station is behind is assigned dynamically and this is the IP# we'll be connecting to the database from.

Our current kludgy plan is to store our application as byte code and to store a string in an external file. The application would use some of this string and the MAC address of the workstation, rot13 and crypt to generate the actual database password. --How we hid the password is probably a detail.

We think this would be better than requiring the users to enter an OS password and then a database password. We can't keep the workstation password from wide distribution, but we can limit people's ability to access the database from outside our application.

It feels vaguely like some sort of public/private key thingamajig might do a better job. One thing that bugs me more about our current approach is that publishing our code becomes a little problematic. (assuming our code were worth publishing) Again, breached security does not launch nuclear missiles so we probably don't want to go nuts here.

Is there a better/simpler way to do this?



email: mandog#
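
The limited database user described in the post (SELECT from a single view, INSERT into a single table), written out as an added example that is not part of the original post. It assumes PostgreSQL, which the post does not name, and every table, view, column and role name is hypothetical.

```sql
-- Added example: PostgreSQL syntax assumed; all object names are hypothetical.
BEGIN;

CREATE TABLE members (
    member_id  integer PRIMARY KEY,
    badge_code text NOT NULL UNIQUE,
    full_name  text NOT NULL,
    birth_date date,   -- private columns the check-in station never needs
    home_phone text
);

CREATE TABLE attendance (
    attendance_id bigserial PRIMARY KEY,
    member_id     integer NOT NULL REFERENCES members (member_id),
    direction     text NOT NULL CHECK (direction IN ('in', 'out')),
    swiped_at     timestamptz NOT NULL DEFAULT now()
);

-- The single view: only the columns a badge lookup needs.
CREATE VIEW station_members AS
    SELECT member_id, badge_code, full_name
    FROM members;

-- Placeholder password; this is the secret the station has to hold.
CREATE ROLE checkin_station LOGIN PASSWORD 'CHANGE-ME-placeholder';

-- Exactly two operations: read the view, append attendance rows.
-- No SELECT, UPDATE or DELETE on either base table.
GRANT SELECT ON station_members TO checkin_station;
GRANT INSERT (member_id, direction, swiped_at) ON attendance TO checkin_station;
-- The bigserial default calls nextval(), which needs USAGE on the sequence.
GRANT USAGE ON SEQUENCE attendance_attendance_id_seq TO checkin_station;

COMMIT;

-- Audit queries: confirm what the station role can reach.
SELECT has_table_privilege('checkin_station', 'members', 'SELECT');
SELECT has_table_privilege('checkin_station', 'attendance', 'SELECT');
SELECT has_table_privilege('checkin_station', 'station_members', 'SELECT');
SELECT has_column_privilege('checkin_station', 'attendance', 'swiped_at', 'INSERT');
```

With grants shaped like this, a station password recovered from the workstation allows reading the view's columns and appending attendance rows, and nothing else.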

In reply to storing passwords (OT??) by mandog
