Security Basics mailing list archives
RE: [Suspected Spam]Re: script credentials
From: "Ian Bradshaw" <ian () ianbradshaw net>
Date: Thu, 15 Apr 2010 16:49:55 +0100
Presuming the server is secure restricted access and the objective is for simplicity rather than security, I'd stick them in the perl file.

For future convenience, I've got a database module I wrote so when it's being used by multiple scripts at once etc or developing different scripts I can just call it ... depends how much coding you're doing. You're not going to be able to hide the password apart from at OS level privs.

    #!/usr/bin/perl
    package IB_Database;
    use strict;
    use warnings;
    use DBI;

    sub MySQL {
        # MySQL CONFIG VARIABLES
        my $driver   = "mysql";
        my $database = "tablespace";
        my $dsn      = "DBI:$driver:database=$database";
        my $userid   = "username";
        my $password = "password";

        # AutoCommit is off, so callers must commit explicitly
        my $dbh = DBI->connect($dsn, $userid, $password, {AutoCommit => 0})
            or die $DBI::errstr;
        return($dbh);
    }

    1;    # a module must return a true value

Just call it with

    use IB_Database;
    ($dbh) = IB_Database::MySQL;

The advantage of that is whenever you do a script in the future you know where all the config stuff is, and also anyone else that has to mess with it; and if you change DBs just have sub Oracle, sub whatever ... so you can keep it common between all your stuff.

I also do one along the same lines for other config variables that need setting ... there's no template I've got for them, but they all sit in an IB_Settings.pm file so I know in the future if I'm moving servers or whatever that all specific settings / paths / whatever are in the one config file no matter what my script / app is doing.

Dunno if that's the sort of thing you were after or a more security perspective, to which the short answer is there isn't really in Perl for storing users / passwords ... needs doing at OS level.

Cheers

I.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of NM Support [NetMonastery]
Sent: 14 April 2010 18:21
To: Bryce Verdier
Cc: security-basics () securityfocus com
Subject: [Suspected Spam]Re: script credentials

Bryce,

Frankly, your options are extremely limited, so here goes.

Embed the password in the perl file, harden the directory around it. Execute the script from crontab using root privileges. However, this is a serious challenge, for cron to execute.

Shomiron
NM Support [NetMonastery]
nmsupport () net-mon net

On 19-Feb-10, at 11:30 PM, Bryce Verdier wrote:
Hello,

So I've been writing a Perl script for my job. The script will be run from a cron job (interval not yet set) and deposit some information to a database. The database has a user with minimal rights to insert data.

So my question is with regards to how should the database user credentials be kept. So far the discussion has had three options:

1) credentials within the script
2) command line
3) config file

Each one has their own advantages & disadvantages but I would like to get the opinion of the community as to which one gets the label of "best practices".

Thanks in advance guys,
Bryce
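
Added example, not part of any message in this thread: one way to pair the config-file option from the original question with the OS-level restriction the replies point to, by refusing to read credentials from a file that anyone other than its owner can access. The module name Cred_Loader, the "key = value" file format, and the key names userid and password are assumptions for illustration.

```perl
# Added example: credentials live in a separate file and the loader
# enforces owner-only permissions before using them.
package Cred_Loader;    # hypothetical module name
use strict;
use warnings;
use Fcntl qw(:mode);

# Return (userid, password) read from $path, or die if the file is owned
# by another user or is accessible to group/other.
sub load {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "cannot open $path: $!\n";

    # stat the open handle rather than the path, so the permission check
    # and the read apply to the same file
    my @st = stat($fh) or die "cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];

    die "$path is not a regular file\n" unless S_ISREG($mode);
    die "$path is not owned by the running user\n" unless $uid == $>;
    die sprintf("%s has mode %04o; expected 0600 or stricter\n",
                $path, S_IMODE($mode))
        if $mode & (S_IRWXG | S_IRWXO);

    my %cfg;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#|$)/;    # skip comments and blank lines
        if ($line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/) {
            $cfg{$1} = $2;
        }
    }
    close($fh);

    for my $key (qw(userid password)) {
        die "$path: missing '$key'\n" unless defined $cfg{$key};
    }
    return @cfg{qw(userid password)};
}

1;
```

A script would call `my ($userid, $password) = Cred_Loader::load($file);` and pass the pair to `DBI->connect`; the cron job has to run as the account that owns the file.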