HI all,
Thanks to everyone who had given their input ...
At the every least, I hope to be able to make the password "cryptic" in some
way not super-duper hiding the stuff.
Anyway, at the moment, I create a password word that is accessed by the
script and is read only and readable by the owner of the script ...
On Thu, Feb 11, 2010 at 10:37 PM, Philip Potter
<philip.g.pot...@gmail.com>wrote:
> On 10 February 2010 23:04, newbie01 perl <newbie01.p...@gmail.com> wrote:
> >
> > Hi all,
> >
> > Can anyone please advise how I can change the following codes to work
> where
> > the <username> and <correct_pass> are not exposed?
> > Script is ran via crontab and can also be run manually, at the moment am
> > reading these values from some sort of delimited file.
> >
> > The worry is someone getting access to the script and then putting in
> some
> > print commands to expose the username and password information.
> > Just thinking in advance before it happen. The original script is a UNIX
> > script but I thought there may be a Perl module that will masked
> > the password where there is none of the same thing for UNIX scripts.
> >
> > #!/usr/bin/perl
> >
> > use DBI;
> >
> > ......
> > ......
> >
> > $dbh = DBI->connect('dbi:Oracle:host=localhost;sid=test;port=1521',
> > '<username>', '<correct_pass>');
> > my $sth = $dbh->prepare("alter session set nls_date_format = 'DD-MON-YYYY
> > HH24:MI:SS'");
> > $sth->execute();
> > my $sth = $dbh->prepare("select 'Today is ' || sysdate from dual");
> > $sth->execute();
> > while (my ($sysdate) = $sth->fetchrow_array()) {
> > print $sysdate, "\n";
> > }
> > $sth->finish();
> >
> > exit 0;
> >
> > Any feedback will be very much appreciated. Thanks in advance
>
> What is your threat model? ie what kind of attacker are you trying to
> protect yourself from?
>
> You can prevent casual attacks by following some of the suggestions in
> perldoc -q "hide the source".
>
> There is no way to do what you ask in such a way that a determined
> attacker will not be able to get your password. If this is a problem,
> you need to redesign your system.
>
> If you want to make sure the only way a user can access the database
> is through your perl script, you'll need to do something to enforce
> that, such as storing the script on a different server and giving it a
> web interface, and making the database invisible to everything but the
> server the script is hosted on. [This might work but it's not
> necessarily a good idea.]
>
> Phil
>
