Apart from a suid script, which is really the only way to do this "properly", there are few options that will actually work to the same degree.

I can only assume that you are concerned about 'shell-level' access to the database, and not through the Web in particular. As such, you want to prevent the average user from discovering the DB password, such that they can connect to the DB and do all sorts of horrible things to it, outside the scope of the script(s) which are presumably safe.

The reality is that if the user's Perl interpreter can read the script, and the associated password, then there is little you can do to prevent it from being discovered. You can obfuscate it a bit (i.e. 'perlcc' plus some tricks to prevent a plain-text attack), but that only buys you limited time from a determined cracker. If the script can't read the password, it can't access the DB.

If it's applicable, you might want to move your application to a Web-based format, such that the users don't have direct access to the system. This will go a long way to preventing unauthorized activity.

As a cheaper alternative, you may be able to restrict 'shell' access by setting their login shell to be the application. Historically, though, it is easy to escape from this kind of restriction using something as simple as ':shell' in vi, so some care will have to be taken when testing.

In reply to Re: Hiding passwords in scripts... by tadman
in thread Hiding passwords in scripts... by suaveant
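
An added example, not part of the original post: one way a script running under a dedicated account (for instance through the suid arrangement mentioned above) can refuse to use a password file that ordinary shell users could have read themselves. The function name `load_db_password`, the temporary file and the placeholder password are assumptions made for illustration, and Unix permission semantics are assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempfile);

# Hypothetical helper: return the password stored in $path, but only if
# the file is a regular file, owned by the effective UID (the account
# the script runs as) and carries no group/other permission bits.
sub load_db_password {
    my ($path) = @_;
    my $euid = $>;
    open(my $fh, '<', $path) or die "cannot open $path: $!\n";
    # stat the open handle, not the path, so the checks apply to the
    # file actually being read rather than to whatever the name points
    # at a moment later.
    my @st = stat($fh) or die "cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];
    die "$path: not a regular file\n" unless S_ISREG($mode);
    die "$path: owner uid $uid is not effective uid $euid\n"
        unless $uid == $euid;
    die sprintf("%s: mode %04o allows group/other access\n",
                $path, $mode & 07777)
        if $mode & (S_IRWXG | S_IRWXO);
    my $password = <$fh>;
    close($fh);
    die "$path: empty\n" unless defined $password;
    chomp $password;
    return $password;
}

# Constructed demonstration: a temporary file stands in for the real
# credentials file, and the password is a placeholder value.
my ($tmp_fh, $tmp_path) = tempfile(UNLINK => 1);
print {$tmp_fh} "example-placeholder-password\n";
close($tmp_fh);

# Owner-only permissions: the password is loaded.
chmod 0600, $tmp_path or die "chmod: $!\n";
print "0600: loaded ", length(load_db_password($tmp_path)), " characters\n";

# World-readable: the helper dies instead of returning the password.
chmod 0644, $tmp_path or die "chmod: $!\n";
my $pw = eval { load_db_password($tmp_path) };
print "0644: refused: $@" unless defined $pw;
```

The check only has value when the script's effective UID differs from the UID of the person invoking it; if both are the same account, the user can read the file directly, which is the limitation the post describes.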
