in reply to Security: balancing two conflicting password policies

Ask said admins for guidance as to what you should be doing. I'm sure you're not the only application that is required to jump through these hoops.

If they bring up the compiled/interpreted canard, I would point them to your favorite hexdumper and say "Compiled means you can't read it in Word. It doesn't mean 'encrypted'."

I've found that BCC'ing your manager on these discussions usually doesn't hurt, either.


  • In general, if you think something isn't in Perl, try it out, because it usually is. :-)
  • "What is the sound of Perl? Is it not the sound of a wall that people have stopped banging their heads against?"

Re^2: Security: balancing two conflicting password policies
by radiantmatrix (Parson) on May 12, 2005 at 20:48 UTC

    Sadly, I am the unique case. I'm in this boat because they won't buy hardware or pay to move the hardware they "found" for me into the datacenter.

    As for the compiled/interpreted -- that's not really at issue here. The policy not to have cleartext passwords in source is good; I tried to get an exception in this case because I can't use the recommended alternative. I tried to suggest that 'masking' it by using PAR, PP, etc. might be sufficient in this case. No deal - I'm conflicted, because it was the right call for them to make but it's making my life hell. ;-)


    The Eightfold Path: 'use warnings;', 'use strict;', 'use diagnostics;', perltidy, CGI or CGI::Simple, try the CPAN first, big modules and small scripts, test first.