Date:      Sat, 17 Jun 2000 15:28:30 -0700
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        Ryan Thompson <ryan@sasknow.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Securing Perl::DBI connections
Message-ID:  <20000617152830.B220@dialin-client.earthlink.net>
In-Reply-To: <Pine.BSF.4.21.0006171230140.69823-100000@ren.sasknow.com>; from ryan@sasknow.com on Sat, Jun 17, 2000 at 12:31:29PM -0600
References:  <Pine.BSF.4.21.0006171230140.69823-100000@ren.sasknow.com>

On Sat, Jun 17, 2000 at 12:31:29PM -0600, Ryan Thompson wrote:

[snip]

> The problem lies in the storage of passwords.  Automated programs need to
> store the password.  And, when we're talking about a world-readable
> clear-text Perl program, we're talking about clear-text passwords.  Now, I
> could beef up permissions somewhat, but since most of these programs run
> under Apache, they must be executable by "nobody".  FWIW, I don't store
> passwords in the programs themselves, just the support modules which exist
> elsewhere on the system (completely off of our web tree).

Writing a quick C program to generate an encrypted password using
crypt(3) is almost trivial. I am also sure there are Perl modules for
doing it too, and you can make the function calls from Perl if you
know what you're doing. If there is a reason not to do that, you can do
something like,

  $encrypt_passwd = `md5 -qs $passwd`;

But I am not sure how secure md5(1) is with something like a tiny
password string.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
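
Added example, not part of the original message: the two approaches mentioned in the reply, done inside Perl so the password is never interpolated into a shell command line as it is in the backtick form. The sample password, the helper names (md5_digest, new_salt, hash_passwd, check_passwd) and the use of a traditional two-character crypt(3) salt are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Constructed sample password; the quote and spaces would be
# interpreted by /bin/sh if interpolated into a backtick command.
my $passwd = q{it's a pass phrase};

# In-process MD5: same hex digest that md5(1) -qs prints, but the
# password never appears on a command line or passes through a shell.
sub md5_digest { return md5_hex($_[0]) }

# crypt(3) via Perl's builtin crypt(), with a fresh salt per password.
# Assumption: the platform's crypt(3) accepts the traditional
# two-character salt. rand() is adequate here because a salt only has
# to differ between entries; it is not a secret.
my @salt_chars = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');
sub new_salt { return join '', map { $salt_chars[rand @salt_chars] } 1..2 }

sub hash_passwd {
    my ($plain) = @_;
    my $hashed = crypt($plain, new_salt());
    die "crypt(3) rejected the salt format\n" unless defined $hashed;
    return $hashed;
}

# Verification re-runs crypt() with the stored value as the salt
# argument; crypt(3) reads the salt from its leading characters.
sub check_passwd {
    my ($plain, $stored) = @_;
    my $try = crypt($plain, $stored);
    return defined $try && $try eq $stored;
}

my $stored = hash_passwd($passwd);
printf "md5:   %s\n", md5_digest($passwd);
printf "crypt: %s\n", $stored;
printf "correct password accepted: %s\n",
    check_passwd($passwd, $stored) ? 'yes' : 'no';
printf "wrong password accepted:   %s\n",
    check_passwd('guess', $stored) ? 'yes' : 'no';
```

The MD5 digest is identical on every run for the same input, while the crypt() output changes with each new salt, so equal passwords do not produce equal stored values.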






Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000617152830.B220>