in reply to Hiding passwords in scripts...

You're not missing anything. If someone has access to the script source, and can run another script in the same environment, it doesn't matter what you do: they'll be able to determine the password.

So, you need to prevent one or more of those conditions. Either don't give them access to the source (or the sources being pulled in), or don't give them the ability to run a program in the same environment.

-- Randal L. Schwartz, Perl hacker

Re: Re: Hiding passwords in scripts...
by suaveant (Parson) on Apr 13, 2001 at 19:41 UTC
    So, there is no way to tell for sure the location of the script calling you... doesn't surprise me, would be nice, though. Since then people could run the script but their own script wouldn't work with it....

    Too bad you can't make perl script 711 like compiled binaries...

    Although... here's an idea... you can make C binaries executable but not readable... correct? Maybe a compiled C binary that contained the password, and basically just ran a script via the system call... passing the password in... ummm... ARGV and env are both accessible through like... /proc aren't they... what is the best way? Because then you could have a nice generic C source, feed it the data you want added in, and still have the Perl script run as the user and not suid. Not sure this is right, but it sounds promising...
                    - Ant
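
An added example, not code from either poster: a Linux-only Perl check of the /proc question raised above. It starts a stand-in child three ways and looks for the secret in the child's `/proc/<pid>/cmdline` and `/proc/<pid>/environ`. The secret value, the `DB_PASS` variable name and the one-line child are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example (Linux /proc required). The secret and DB_PASS are constructed.
use strict;
use warnings;
use IPC::Open2;

my $secret = 'CONSTRUCTED-s3cret';

# Return the raw contents of /proc/<pid>/<name> (NUL-separated fields).
sub slurp_proc {
    my ($pid, $name) = @_;
    open(my $fh, '<', "/proc/$pid/$name") or return '';
    local $/;
    my $data = <$fh>;
    return defined $data ? $data : '';
}

# Stand-in for the real script: read one line, say "ready", wait for EOF.
my $child = '$| = 1; my $s = <STDIN>; print "ready\n"; <STDIN>;';

# Start the child with the secret handed over on one channel, then check
# whether the secret can be read back from the child's /proc entries.
sub exposure {
    my ($channel) = @_;
    local $ENV{DB_PASS} = $secret if $channel eq 'env';
    my @cmd = ($^X, '-e', $child);
    push @cmd, $secret if $channel eq 'argv';

    my $pid  = open2(my $out, my $in, @cmd);
    my $line = $channel eq 'stdin' ? $secret : '';
    print {$in} "$line\n";
    my $ready = <$out>;    # child has exec'd and consumed its input line

    my %seen;
    for my $file (qw(cmdline environ)) {
        $seen{$file} = index(slurp_proc($pid, $file), $secret) >= 0;
    }
    close $in;             # EOF lets the child exit
    waitpid($pid, 0);
    return \%seen;
}

for my $channel (qw(argv env stdin)) {
    my $seen = exposure($channel);
    printf "%-5s  cmdline: %-3s  environ: %-3s\n", $channel,
        map { $seen->{$_} ? 'yes' : 'no' } qw(cmdline environ);
}
```

Only the stdin hand-off keeps the secret out of both /proc files. That settles the /proc question only: the child still runs as the user, so the point made at the top of the thread about running a program in the same environment still applies.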