如何存储在 Perl 脚本中加密的数据库密码?
[英]How to store Database Password encrypted in Perl script?
问题描述
I am a newbie in Perl scripting, and I am asked to write a script in Perl programming language to access Database and read a particular table to get one status value.
我是 Perl 脚本的新手,我被要求用 Perl 编程语言编写脚本来访问数据库并读取特定表以获得一个状态值。 In this script, I need to provide the Database connection details which include Password too.在这个脚本中,我需要提供包含密码的数据库连接详细信息。 I want to store this password in an encrypted manner so that anyone reading the script should not identify the password.我想以加密方式存储此密码,以便阅读脚本的任何人都不应识别密码。 Also, the encrypted value should be able to be decrypted in the same script.此外,加密值应该能够在同一个脚本中解密。
Can someone please suggest me how to achieve this?有人可以建议我如何实现这一目标吗?
2 个解决方案
解决方案1
2 2020-06-23 10:14:49
You can't.你不能。 This is literally impossible.这实际上是不可能的。
If the perl script needs to be able to provide the password, it needs to be able to decrypt the password.如果 perl 脚本需要能够提供密码,则它需要能够解密密码。 If it can decrypt the password, so can anyone who uses the script.如果它可以解密密码,那么任何使用该脚本的人都可以。
The closes you can get is to set up some sort of trusted-key authentication, like ssh uses.您可以获得的关闭是设置某种可信密钥身份验证,例如 ssh 使用。 That's reliant on your database supporting it.这取决于您的数据库支持它。 But even then, your client has a private key that functions a lot like a password, that someone with access to the script can get access to the private key, and use that to authenticate themselves.但即便如此,您的客户端也有一个私钥,其功能很像密码,有权访问脚本的人可以访问私钥,并使用它来验证自己。
解决方案2
2 2020-06-23 10:17:17
You can't keep something secret from someone by encrypting it and giving them both the encrypted data and the tools to decrypt it !您无法通过加密某些东西并向他们提供加密数据和解密工具来对某人保密!
Let say your code looked something like this:假设您的代码看起来像这样:
my $crypted = get_encrypted_password();
my $password = decrypt($crypted);
my $connection = connect_to_database($password);
Then it would be trivial for someone to edit that so it looked like:然后有人编辑它是微不足道的,所以它看起来像:
my $crypted = get_encrypted_password();
my $password = decrypt($crypted);
print "The database password is: " . $password;
So that approach just won't work.所以这种方法是行不通的。
You need to put your restrictions in somewhere outside the control of the user.你需要把你的限制放在用户无法控制的地方。
This could be a matter of applying database-level permissions (eg granting only SELECT rights and rights to specific tables — depending on what you want to allow).这可能是应用数据库级权限的问题(例如,仅授予 SELECT 权限和对特定表的权限 - 取决于您要允许的内容)。
This could be a case where you would be better off writing a webservice to run between the database and the client software.在这种情况下,您最好编写一个在数据库和客户端软件之间运行的 Web 服务。 The service could then do authn/authz and provide a very limited set of operations that the client could perform.然后,该服务可以执行 authn/authz 并提供一组非常有限的客户端可以执行的操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.