Date: Sat, 17 Jun 2000 15:28:30 -0700
From: "Crist J. Clark"
To: Ryan Thompson
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Securing Perl::DBI connections
Message-ID: <20000617152830.B220@dialin-client.earthlink.net>
Reply-To: cjclark@alum.mit.edu

On Sat, Jun 17, 2000 at 12:31:29PM -0600, Ryan Thompson wrote:
[snip]
> The problem lies in the storage of passwords. Automated programs need to
> store the password. And, when we're talking about a world-readable
> clear-text Perl program, we're talking about clear-text passwords. Now, I
> could beef up permissions somewhat, but since most of these programs run
> under Apache, they must be executable by "nobody". FWIW, I don't store
> passwords in the programs themselves, just the support modules which exist
> elsewhere on the system (completely off of our web tree).

Writing a quick C program to generate an encrypted password using
crypt(3) is almost trivial. I am also sure there are Perl modules for
doing it too, and you can make the function calls from Perl if you
know what you're doing.

If there is a reason not to do that, you can do something like,

  $encrypt_passwd = `md5 -qs $passwd`;

But I am not sure how secure md5(1) is with something like a tiny
password string.
--
Crist J. Clark                           cjclark@alum.mit.edu
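
The two approaches mentioned in this message, crypt(3) called from Perl and a bare MD5 of the password, shown side by side as an added example that is not part of the original message. It assumes the system crypt(3) supports the `$6$` SHA-512 scheme (glibc and FreeBSD do); the helper names and the sample password are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the original message.
# Assumption: the system crypt(3) understands "$6$" (SHA-512) settings.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');   # 64 symbols

# Draw a 16-character salt from the kernel RNG; 256 % 64 == 0, so no bias.
sub new_salt {
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from /dev/urandom";
    close($fh);
    return join '', map { $SALT_CHARS[ord($_) % 64] } split //, $buf;
}

# Hash with Perl's built-in crypt(), which calls the C library's crypt(3).
sub hash_password {
    my ($password) = @_;
    my $hash = crypt($password, '$6$' . new_salt() . '$');
    # An unsupported scheme yields undef or a DES-style result: refuse it.
    die "crypt(3) on this system does not support \$6\$\n"
        unless defined $hash && $hash =~ /^\$6\$/;
    return $hash;
}

# Verify by re-running crypt() with the stored hash as the setting string.
sub check_password {
    my ($candidate, $stored) = @_;
    my $got = crypt($candidate, $stored);
    return defined $got && $got eq $stored;
}

my $passwd = 'tiny';    # constructed sample value

# Unsalted MD5, computed in-process so the password never appears on a
# command line: the same input always produces the same digest.
print "md5 repeatable:   ", (md5_hex($passwd) eq md5_hex($passwd) ? "yes" : "no"), "\n";

# Salted crypt(3): two hashes of the same password differ, both verify.
my ($h1, $h2) = (hash_password($passwd), hash_password($passwd));
print "crypt repeatable: ", ($h1 eq $h2 ? "yes" : "no"), "\n";
print "verify correct:   ", (check_password($passwd, $h1) ? "ok" : "FAIL"), "\n";
print "verify wrong:     ", (check_password('other', $h1) ? "FAIL" : "rejected"), "\n";
```

Because the bare MD5 digest of a short password is identical everywhere it is computed, it can be matched against a precomputed list; the per-hash salt in the crypt(3) output is what removes that property.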