If you're actually using BCP you can pass it via STDIN; e.g.:

 

open BCP, "| bcp db..table in -U$user_name -S$server_name -f $file_name
-n";

print BCP $password . "\n";

...

 

Inside Perl scripts I have a Perl function that returns the password

 

For other users (e.g. binaries that require the password on the command
line) I have a script that returns the password, depending on Unix file
permissions to keep prying eyes out, e.g.:

 

bcp db..table in -U$user_name -S$server_name -P$(getpass $server_name
$user_name) -f $file_name -n

 

So with ps, you can see the user name and server name, but not the
password, unless you have access to the file where the passwords are
stored.

 

 

From: William Ward gmail [mailto:william.w...@gmail.com] 
Sent: Wednesday, February 16, 2011 4:12 AM
To: shawn wilson
Cc: dbi-users@perl.org
Subject: Re: BCP for passing $password to a command-line Perl script?

 

Unix file permissions are better than command line or environment
variables
at least (safe from ps snipping anyway)
On Feb 16, 2011 12:48 AM, "shawn wilson" <ag4ve...@gmail.com> wrote:
> On Feb 16, 2011 3:22 AM, "Bill Ward" <b...@wards.net> wrote:
>>
>> I generally put such things in a config file.
>
> I don't see how this would be more secure.
>
> Using sha1 (or something else in Crypt::) comes to mind as a better
> solution. Plain text files can be made pretty secure with SELinux but
most
> won't.
>
> That said, I've got my db creds in a pm...
>>
>> On Tue, Feb 15, 2011 at 11:45 PM, Ivan Shmakov <i...@main.uusia.org>
> wrote:
>>
>> > BTW, what is the best current practice to pass ->connect ()
>> > $password to a command-line Perl script?
>> >
>> > Both specifying it via a command-line argument or via an
>> > environment variable (DBI_PASS) is insecure, as on some systems
>> > this information could easily be seen by the other users on the
>> > same host.
>> >
>> > Perhaps, some variation on Net::Netrc should be used instead?
>> >
>> > My primary interests currently are PostgreSQL, which can use
>> > Kerberos, and SQLite, which uses filesystem access rights
>> > instead, but just for the case...
>> >
>> > --
>> > FSF associate member #7257
>> >
>>
>>
>>
>> --
>> Check out my LEGO blog at http://www.brickpile.com/
>> View my photos at http://flickr.com/photos/billward/
>> Follow me at http://twitter.com/williamward

________________________________

No virus found in this message.
Checked by AVG - www.avg.com
Version: 10.0.1204 / Virus Database: 1435/3446 - Release Date: 02/15/11

Reply via email to