in reply to Hiding passwords in scripts

as always: TIMTOWTDI
Use a hidden file such as .password containing the secret quote and read it from your script before you use it.

pelagic

Re^2: Hiding passwords in scripts
by amt (Monk) on Sep 29, 2004 at 12:53 UTC
    I am having a similar problem, but my problem is that my software has these lines repeated multiple times, so can you please elaborate on this topic?

    I'm looking to create a configuration file with the appropriate information, and get it into my source. What directive would I need to include: use? require?

    amt.

    perlcheat
      You could use a very simple config file (call it eg .secret.config to make it hidden) such as:

          first secret
          second public

      and parse it with ConfigReader::Simple like:

          use strict;
          use ConfigReader::Simple;
          my $config = ConfigReader::Simple->new(".secret.config");
          print $config->get( "first" ), "\n";
          print $config->get( "second" ), "\n";

      Update
      Of course hidden is not read protected. It's just that you don't see your settings in the code. To get more security you might want to protect the config file with a mode that only the executor can read the content ... but then how can the developers test the thing?

      pelagic
      No, use, require and eval should not be used. do is the one. Search for threads on including other perl files for discussions on this topic.
Re^2: Hiding passwords in scripts
by inman (Curate) on Sep 29, 2004 at 14:54 UTC
    Take the config file approach a step further by setting the file permissions to limit access. If you need other people to have access to the script (and config file) then you will have to set rights for a group.
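
Added example (not part of the thread or any poster's code): one way to enforce the file-permission advice from inside the script, refusing to read the config file when group or others have any access to it. The helper name `read_secret_config` and the sample file are constructed for illustration; it assumes a POSIX system and parses the two-field format by hand with core modules only, where the thread uses ConfigReader::Simple.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempfile);

# Hypothetical helper: read "key value" lines, but only from a regular file
# owned by the effective user with no group/other permission bits set.
sub read_secret_config {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot open $path: $!\n";
    # stat the open handle, not the path, so the file checked is the file read
    my @st = stat $fh or die "cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];
    die "$path is not a regular file\n" unless S_ISREG($mode);
    die "$path is not owned by the current user\n" unless $uid == $>;
    die sprintf("%s has mode %04o; remove group/other access\n",
        $path, S_IMODE($mode)) if S_IMODE($mode) & (S_IRWXG | S_IRWXO);
    my %config;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#|$)/;    # skip comments and blank lines
        my ($key, $value) = $line =~ /^\s*(\S+)\s+(.*?)\s*$/ or next;
        $config{$key} = $value;
    }
    close $fh;
    return \%config;
}

# Constructed sample file standing in for .secret.config
my ($tmp, $file) = tempfile(UNLINK => 1);
print {$tmp} "first secret\nsecond public\n";
close $tmp;

# World-readable: the helper refuses to load it
chmod 0644, $file or die "chmod: $!\n";
my $cfg = eval { read_secret_config($file) };
print "0644: ", ($cfg ? "accepted\n" : "rejected: $@");

# Owner-only: the helper loads it
chmod 0600, $file or die "chmod: $!\n";
$cfg = eval { read_secret_config($file) };
print "0600: ", ($cfg ? "accepted, second=$cfg->{second}\n" : "rejected: $@");
```

For the shared-access case described above, the mask in the permission test would be narrowed to `S_IRWXO` and the file's group checked against the intended one.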
Re^2: Hiding passwords in scripts
by SpanishInquisition (Pilgrim) on Sep 29, 2004 at 19:50 UTC
    Use a hidden file such as .password
    This is security through obscurity. The proper thing to do here is to configure your database to identify itself in a more secure manner than using passwords in scripts. Meanwhile, keep in mind that dotfiles are NOT hidden in the least, and you probably want chmod 700.

    See here (can't find the official link, but it's still a good read): Auth-Methods for Postgresql

    Talk to your DBA.