As you imply, probably your best bet is to introduce some form
of caching of the POP password that you get back from the
LDAP server. The manner in which you do this is the question.
Like you, I would shy away from putting the password into
the environment :), but I think you've got the right idea: you want
to cache the password on the web machine so that you don't
have to keep asking for it from the LDAP machine.

For security reasons, you should definitely encrypt the passwords
that you cache; probably your best bet is to just encrypt
them using a symmetric cipher, like Crypt::Blowfish, used
in CBC mode (Crypt::CBC). You have to be careful with
the key you use as the encryption/decryption passphrase; if
you store this key in a file anywhere, you're basically negating
the benefits of encrypting in the first place. So you need to find
a way to store the passphrase w/o storing it in plain text on
disk; one way to do this might be to store it in shared memory
or something like that.

The question then becomes: how do you cache the passwords?
Several options that I can think of:
- Use something like Cache::Cache to cache the
encrypted passwords on disk, in memory, etc. You can set the
cached passwords to expire after some amount of time.
- Use something like Apache::Session for the
caching; treat the transaction w/ the user as a session, which
means that when the user enters, he/she gets a unique
session ID. The encrypted mail password then is stored as part
of the session data, and you can store that session data in
any place that Apache::Session supports: database, filesystem,
etc. This scenario works well if you already have the concept of
a "session" while the user is actively in the system; the session
expires when the user logs out, for example, and then you can
get rid of the session file/record/etc.

Either of these options will help you in terms of efficiency, because
you're effectively cutting out one of the steps from each request
(i.e. getting the password).
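
Added example (not part of the original post): the Cache::Cache option described above, with Cache::FileCache holding passwords encrypted by Crypt::CBC using Blowfish and the LDAP lookup made only on a cache miss. Generating the passphrase in process memory at startup, the namespace, the 600-second expiry, the marker prefix and the `pop_password` helper are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::CBC;            # with Crypt::Blowfish installed as the cipher
use Cache::FileCache;      # part of the Cache::Cache distribution

# Assumption: the passphrase is generated once at server start and lives
# only in process memory (inherited by forked children), never in a file.
my $PASSPHRASE = do {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 32) == 32 or die "short read from urandom";
    unpack 'H*', $buf;
};

my $cipher = Crypt::CBC->new(-key => $PASSPHRASE, -cipher => 'Blowfish');
my $cache  = Cache::FileCache->new({
    namespace          => 'pop_passwords',   # hypothetical name
    default_expires_in => 600,               # seconds; constructed value
});

my $MARKER = "pw1:";   # lets us spot entries encrypted under an older key

# Return the POP password for $user, calling $ldap_lookup only on a miss.
sub pop_password {
    my ($user, $ldap_lookup) = @_;
    if (defined(my $blob = $cache->get($user))) {
        my $plain = eval { $cipher->decrypt($blob) };
        return substr($plain, length $MARKER)
            if defined $plain && index($plain, $MARKER) == 0;
        $cache->remove($user);               # stale or undecryptable entry
    }
    my $password = $ldap_lookup->($user);
    $cache->set($user, $cipher->encrypt($MARKER . $password));
    return $password;
}

# Constructed demo: a closure stands in for the real LDAP query.
my $ldap_calls = 0;
my $fake_ldap  = sub { $ldap_calls++; return 'sample-secret' };
pop_password('alice', $fake_ldap) for 1 .. 3;
print "LDAP queried $ldap_calls time(s) for 3 requests\n";
```

CBC mode gives no integrity protection; the marker check only catches entries written under a different passphrase, for example after a server restart.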