Re: clear-text passwords in shell/perl scripts

[Joseph Miller <joseph () tidetamerboatlifts com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You may not make the system much more physically secure.  But you would make 
it more aggravating for an attacker to actually attempt to steal the 
password.  He would have to find the key for the file, find the code for the 
encryption, determine any salts, and then expect that everything else was in 
order. (You could modify a perl module that handles the encryption, just to 
confuse an attacker.  The attacker would not likely look at this code, but be 
warned, this is security through obscurity and is not really security.)  
Basically, it boils down to how bad does the attacker really want to break in 
and how aggravating do you want to make it for an attacker?

I don't really know of any particularly good solutions for the problem other 
than to keep the password stored in RAM, that is, to have the program running 
in the background all the time.   Not that this is a *good* solution, but a 
solution option nonetheless.  The main problem with this is that if your box 
goes through a restart, you will have to manually enter in the password.  I 
don't really know what to tell you, and none of this may really help at all.

- -Joseph

On Friday 18 March 2005 1:18 pm, Jeff Robertson wrote:
> Say that a perl script needs access to a database, and access to this
> database requires a password. The script needs to run automatically with no
> human intervention, so it is not possible to prompt a user to enter the
> password at run time. This means that the password must either be in the
> script itself or in a file readable by the script.
>
> I have been asked what can be done to protect this password from falling
> into the wrong eyes. My recommendation is to tightly control read
> permissions to the script and/or the file that contains the password. Make
> the file owned by a special-purpose user who only exists to run this
> script, and chmod it to 600. That sort of thing.
>
> It has been suggested to encrypt the password. Since the script needs to
> get the clear text of the passwords in order to use them, this will need to
> be symmetric encryption and the script will need to have the key available,
> presumably stored in yet another file. As there would be no way to keep the
> key from being stolen other than to use the file permissions that were
> being relied on previously, you've just increased the complexity of the
> system without actually making it any more secure. This is bad. You'd be
> better off sticking with the simpler solution, since the security is the
> same either way.
>
> Can anyone either refute or provide further points in support of my stance
> on this?
>
> Jeff Robertson
> Manager of Web Application Security
> Digital Insight
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCPttimXZROF+EADURAuf0AJ9MQ+Zo3khQiS6zKtYXLRGKmJriUwCeI67a
FUIfdffr4gCQnCKhiibNCQI=
=mKFi
-----END PGP SIGNATURE-----