On 10 February 2010 23:04, newbie01 perl <newbie01.p...@gmail.com> wrote:
>
> Hi all,
>
> Can anyone please advise how I can change the following code to work where
> the <username> and <correct_pass> are not exposed?
> Script is run via crontab and can also be run manually, at the moment am
> reading these values from some sort of delimited file.
>
> The worry is someone getting access to the script and then putting in some
> print commands to expose the username and password information.
> Just thinking in advance before it happens. The original script is a UNIX
> script but I thought there may be a Perl module that will mask
> the password where there is none of the same thing for UNIX scripts.
>
> #!/usr/bin/perl
>
> use DBI;
>
> ......
> ......
>
> my $dbh = DBI->connect('dbi:Oracle:host=localhost;sid=test;port=1521',
>     '<username>', '<correct_pass>');
> # Format string rejoined onto one line (it had been wrapped by the mailer).
> my $sth = $dbh->prepare("alter session set nls_date_format = 'DD-MON-YYYY HH24:MI:SS'");
> $sth->execute();
> # Reuse $sth rather than declaring it a second time with "my".
> $sth = $dbh->prepare("select 'Today is ' || sysdate from dual");
> $sth->execute();
> while (my ($sysdate) = $sth->fetchrow_array()) {
>    print $sysdate, "\n";
> }
> $sth->finish();
>
> exit 0;
>
> Any feedback will be very much appreciated. Thanks in advance

What is your threat model? i.e. what kind of attacker are you trying to
protect yourself from?

You can prevent casual attacks by following some of the suggestions in
perldoc -q "hide the source".

There is no way to do what you ask in such a way that a determined
attacker will not be able to get your password. If this is a problem,
you need to redesign your system.

If you want to make sure the only way a user can access the database
is through your perl script, you'll need to do something to enforce
that, such as storing the script on a different server and giving it a
web interface, and making the database invisible to everything but the
server the script is hosted on. [This might work but it's not
necessarily a good idea.]

Phil
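
Added example, not part of the thread or of either poster's code: one way to handle the "casual" case is to keep the credentials in a separate file and refuse to use it unless it is a regular file, owned by the account running the script, with no group or world access. The path ~/.dbcred and the one-line username:password format are assumptions; anyone who can run as that account or as root can still read the password, as the reply above says.

```perl
#!/usr/bin/perl
# Added example: load DB credentials from a file outside the script and
# reject the file if other accounts could read or replace it.
use strict;
use warnings;
use DBI;
use Fcntl ':mode';    # S_ISREG, S_IMODE, S_IRWXG, S_IRWXO

# Assumed location and format: a single line "username:password".
my $cred_file = "$ENV{HOME}/.dbcred";

sub load_credentials {
    my ($path) = @_;

    # Open first, then stat the handle, so the checks apply to the file
    # actually read and not to one swapped in between stat and open.
    open(my $fh, '<', $path) or die "Cannot open $path: $!\n";
    my @st = stat($fh) or die "Cannot stat $path: $!\n";

    die "$path is not a regular file\n" unless S_ISREG($st[2]);
    die "$path is not owned by the user running this script\n"
        unless $st[4] == $>;    # $> is the effective UID
    die sprintf("%s has mode %04o; expected 0600 or stricter\n",
                $path, S_IMODE($st[2]))
        if S_IMODE($st[2]) & (S_IRWXG | S_IRWXO);

    my $line = <$fh>;
    close($fh);
    die "$path is empty\n" unless defined $line;
    chomp $line;

    # Split on the first colon only, so the password may contain colons.
    my ($user, $pass) = split /:/, $line, 2;
    die "$path: expected username:password\n"
        unless defined $pass && length $user && length $pass;
    return ($user, $pass);
}

my ($user, $pass) = load_credentials($cred_file);
my $dbh = DBI->connect('dbi:Oracle:host=localhost;sid=test;port=1521',
                       $user, $pass, { RaiseError => 1, PrintError => 0 });
my ($today) = $dbh->selectrow_array("select 'Today is ' || sysdate from dual");
print "$today\n";
$dbh->disconnect;
```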
