Security Basics mailing list archives

RE: [Suspected Spam]Re: script credentials


From: "Ian Bradshaw" <ian () ianbradshaw net>
Date: Thu, 15 Apr 2010 16:49:55 +0100

Presuming the server is secure with restricted access and the objective is for
simplicity rather than security, I'd stick them in the Perl file.

For future convenience, I've got a database module I wrote so when it's
being used by multiple scripts at once etc or developing different scripts I
can just call it ... depends how much coding you're doing.

You're not going to be able to hide the password apart from at OS level privs.

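#!/usr/bin/perl

package IB_Database;

use strict;
use warnings;
use DBI;

# Returns a connected DBI handle for the MySQL database.
sub MySQL {

  # MySQL CONFIG VARIABLES
  my $driver   = "mysql";
  my $database = "tablespace";
  my $dsn      = "DBI:$driver:database=$database";
  my $userid   = "username";
  my $password = "password";

  # AutoCommit is off, so callers must commit explicitly.
  my $dbh = DBI->connect($dsn, $userid, $password, {AutoCommit => 0} )
    or die $DBI::errstr;

  return($dbh);

}

# A module file must end with a true value.
1;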

Just call it with 

use IB_Database;

my $dbh = IB_Database::MySQL();


The advantage of that is whenever you do a script in the future you know
where all the config stuff is, and also anyone else that has to mess with
it; and if you change DBs just have sub Oracle, sub whatever ... so you can
keep it common between all your stuff.

I also do one along the same lines for other config variables that need
setting ... there's no template I've got for them, but they all sit in an
IB_Settings.pm file so I know in the future if I'm moving servers or
whatever that all specific settings / paths / whatever are in the one config
file no matter what my script / app is doing.

Dunno if that's the sort of thing you were after or a more security
perspective, to which the short answer is there isn't really in Perl for
storing users / passwords ... needs doing at OS level.

Cheers

I.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of NM Support [NetMonastery]
Sent: 14 April 2010 18:21
To: Bryce Verdier
Cc: security-basics () securityfocus com
Subject: [Suspected Spam]Re: script credentials

Bryce,

Frankly, your options are extremely limited, so here goes. Embed the  
password in the perl file, harden the directory around it. Execute the  
script from crontab using root privileges. However, this is a serious  
challenge, for cron to execute.

Shomiron


NM Support [NetMonastery]
nmsupport () net-mon net



On 19-Feb-10, at 11:30 PM, Bryce Verdier wrote:

Hello,

So I've been writing a Perl script for my job. The script will be  
run from a cron job (interval not yet set) and deposit some  
information to a database. The database has a user with minimal  
rights to insert data.

So my question is with regards to how should the database user  
credentials be kept. So far the discussion has had three options:

1) credentials within the script
2) command line
3) config file

Each one has their own advantages & disadvantages but I would like  
to get the opinion of the community as to which one gets the label  
of "best practices".

Thanks in advance guys,

Bryce
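
The replies above agree that wherever the password lives, only OS-level permissions protect it. As an added example (not code from the thread), this Perl script takes option 3 from the original question and refuses to read a credentials file unless it is a regular file owned by the effective user with no group or other access. The "key = value" layout, the function names and the sample values are assumptions.

```perl
#!/usr/bin/perl
# Added example, not from the thread. File layout and key names are assumptions.
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempfile);

# Return the reasons a credentials file is unsafe to trust (empty list = OK).
sub permission_problems {
    my ($path) = @_;
    my @st = lstat($path) or return ("cannot stat: $!");
    my ($mode, $uid) = @st[2, 4];
    my @problems;
    push @problems, "not a regular file" unless S_ISREG($mode);
    push @problems, "owner uid $uid is not the effective uid" unless $uid == $>;
    push @problems, sprintf("mode %04o grants group/other access", S_IMODE($mode))
        if S_IMODE($mode) & (S_IRWXG | S_IRWXO);
    return @problems;
}

# Parse "key = value" lines after the permission check; never echo file content.
sub load_credentials {
    my ($path) = @_;
    my @problems = permission_problems($path);
    die "refusing $path: " . join("; ", @problems) . "\n" if @problems;
    open(my $fh, '<', $path) or die "cannot open $path: $!\n";
    my %cfg;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#.*)?$/;    # skip blanks and comments
        my ($key, $value) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die sprintf("malformed line %d in %s\n", $., $path);
        $cfg{$key} = $value;
    }
    close($fh);
    defined $cfg{$_} or die "missing '$_' in $path\n" for qw(userid password);
    return @cfg{qw(userid password)};
}

# Demo on a constructed file: rejected at 0644, accepted at 0600.
my ($tmp, $path) = tempfile(UNLINK => 1);
print {$tmp} "# constructed sample values\nuserid = username\npassword = password\n";
close($tmp);
for my $mode (0644, 0600) {
    chmod($mode, $path) or die "chmod: $!\n";
    my @creds = eval { load_credentials($path) };
    printf "%04o: %s", $mode, @creds ? "loaded credentials for $creds[0]\n" : $@;
}
```

The two values returned by load_credentials can be passed straight to DBI->connect in place of the hard-coded $userid and $password.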
