Encrypt password.

Status
Not open for further replies.

devendrap

Programmer
Aug 22, 2001
50
US
How do I encrypt the database password in a Perl script? Currently I have the database password stored in the Perl script, and the CGI scripts use this Perl script to connect to the database. I would like to encrypt the database password in a separate file.

I have a shell script to encrypt the password file. I have a shell command to read the encrypted file, but don't know how to use that in CGI/Perl.

Shell Command:
DB=`crypt $key_pw < login_file`;
 
Thanks for your quick response. Can I feed the values from a file?
 
Basically I am trying to put security on the database password, which is located in the CGI/Perl scripts. The encrypted CGI/Perl file needs read access to use for decryption script. If user knows the file name, user can put in the URL and open the file and get encryption password as well as method and key. They can decrypt the password themselves. I am not sure how to secure the password in CGI/Perl.
 
For encryption and decryption you can use the Perl module Crypt::Blowfish, which basically uses a key to encrypt and decrypt your info.


I consider this method of protection kinda weak since all it takes is SSH access to read the file in question. You would be better off setting up separate db passwords for each domain, only allowing access from that domain (set up MySQL's Host & User tables).

 
If user knows the file name, user can put in the URL and open the file...
Which file are we talking about here? Surely not the file with the perl script in it? If the user puts in that URL, it'll execute the script - they won't see the source code.

If you're talking about a file that just contains the encrypted password, that doesn't need to be in the web-accessible space at all - so there's no URL they can put in. Even if they do read it somehow, they can't decrypt it without the key.

Now it's different if you're trying to protect yourself from people who can log on to your web host and look inside. If they can read your DB access script, there's nothing to stop them writing their own one that reads, decrypts and prints out the password. Frankly, though, if your attackers have that much access protecting the password is going to be the least of your problems.

-- Chris Hunt
Webmaster & Tragedian
Extra Connections Ltd
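
The arrangement described in the last reply (password file kept out of the web-accessible space), as an added Perl example that is not part of the original thread. The helper name `load_db_password`, the directory names and the dummy password are hypothetical, and the permission checks assume a POSIX host.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use Fcntl qw(:mode);             # S_IRWXG, S_IRWXO
use File::Temp qw(tempdir);

# Hypothetical helper: return the password stored in $path, or die if the
# file could be served by the web server or read by other local accounts.
sub load_db_password {
    my ($path, $docroot) = @_;
    my $real = realpath($path)    or die "cannot resolve $path\n";
    my $root = realpath($docroot) or die "cannot resolve $docroot\n";
    die "refused: $real is inside the web root\n"
        if index("$real/", "$root/") == 0;

    open(my $fh, '<', $real) or die "cannot open $real: $!\n";
    my @st = stat($fh)       or die "cannot stat $real: $!\n";
    die "refused: $real is not owned by the script's user\n"
        unless $st[4] == $>;                       # file uid vs effective uid
    die "refused: $real is accessible to group or others\n"
        if $st[2] & (S_IRWXG | S_IRWXO);

    my $pw = <$fh>;
    close($fh);
    die "refused: $real is empty\n" unless defined $pw;
    chomp $pw;
    return $pw;
}

# Constructed demo: three throwaway files holding a dummy password.
my $dir = tempdir(CLEANUP => 1);
mkdir "$dir/$_" or die "mkdir: $!\n" for qw(htdocs private);
my @cases = (
    ["$dir/private/db.pw",    0600],   # outside web root, owner-only
    ["$dir/private/loose.pw", 0644],   # outside web root, world-readable
    ["$dir/htdocs/db.pw",     0600],   # inside web root
);
for my $case (@cases) {
    my ($file, $mode) = @$case;
    open(my $out, '>', $file) or die "create $file: $!\n";
    print {$out} "example-password\n";
    close($out);
    chmod($mode, $file) or die "chmod $file: $!\n";
    my $pw = eval { load_db_password($file, "$dir/htdocs") };
    print defined $pw ? "accepted: $file\n" : $@;
}
```

Only the first constructed file is accepted. As the replies above point out, none of this helps against someone who can already log on as the account the script runs under.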
 