
How to store Database Password encrypted in Perl script?

I am a newbie in Perl scripting, and I am asked to write a script in Perl programming language to access Database and read a particular table to get one status value. In this script, I need to provide the Database connection details which include Password too. I want to store this password in an encrypted manner so that anyone reading the script should not identify the password. Also, the encrypted value should be able to be decrypted in the same script.

Can someone please suggest me how to achieve this?

You can't. This is literally impossible.

If the perl script needs to be able to provide the password, it needs to be able to decrypt the password. If it can decrypt the password, so can anyone who uses the script.

The closest you can get is to set up some sort of trusted-key authentication, like ssh uses. That's reliant on your database supporting it. But even then, your client has a private key that functions a lot like a password, and someone with access to the script can get access to the private key and use that to authenticate themselves.

You can't keep something secret from someone by encrypting it and giving them both the encrypted data and the tools to decrypt it!

Let's say your code looked something like this:

my $crypted = get_encrypted_password();
my $password = decrypt($crypted);
my $connection = connect_to_database($password);

Then it would be trivial for someone to edit that so it looked like:

my $crypted = get_encrypted_password();
my $password = decrypt($crypted);
print "The database password is: " . $password;

So that approach just won't work.


You need to put your restrictions in somewhere outside the control of the user.

This could be a matter of applying database-level permissions (e.g. granting only SELECT rights and rights to specific tables — depending on what you want to allow).

This could be a case where you would be better off writing a webservice to run between the database and the client software. The service could then do authn/authz and provide a very limited set of operations that the client could perform.
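
The web-service option described in the answer above, as an added example that is not part of the original answers: a PSGI application that keeps the database credentials on the server and exposes a single read-only operation. The environment variable names, the `job_status` table with its `id` and `status` columns, and the bearer-token scheme are assumptions made for illustration.

```perl
# status.psgi (added example): run with plackup on a host the script's users cannot log in to
use strict;
use warnings;
use DBI;

# Assumed variable names. The credentials exist only in the service's environment,
# and the DB account itself should hold nothing more than SELECT on the one table.
my ($dsn, $db_user, $db_pass, $api_token) =
    @ENV{qw(STATUS_DSN STATUS_DB_USER STATUS_DB_PASS STATUS_API_TOKEN)};
die "missing configuration\n"
    if grep { !defined($_) || !length($_) } $dsn, $db_user, $db_pass, $api_token;

sub reply {
    my ($code, $text) = @_;
    return [ $code, [ 'Content-Type' => 'text/plain' ], [ "$text\n" ] ];
}

# Compare tokens without stopping at the first differing byte.
sub token_ok {
    my ($given) = @_;
    return 0 unless defined $given && length($given) == length($api_token);
    my $diff = 0;
    $diff |= ord(substr($given, $_, 1)) ^ ord(substr($api_token, $_, 1))
        for 0 .. length($api_token) - 1;
    return $diff == 0;
}

# The last statement of a .psgi file is the application coderef.
sub {
    my ($env) = @_;
    # authn: each client presents its own revocable token, never the DB password
    my ($given) = ($env->{HTTP_AUTHORIZATION} // '') =~ /\ABearer (\S+)\z/;
    return reply(401, 'unauthorized') unless token_ok($given);
    # authz: exactly one operation exists, GET /status/<numeric id>
    return reply(405, 'method not allowed') unless $env->{REQUEST_METHOD} eq 'GET';
    my ($id) = $env->{PATH_INFO} =~ m{\A/status/(\d{1,9})\z}
        or return reply(404, 'not found');
    my $status = eval {
        my $dbh = DBI->connect($dsn, $db_user, $db_pass,
                               { RaiseError => 1, PrintError => 0 });
        # Fixed statement with a placeholder: the client cannot alter the query.
        my ($value) = $dbh->selectrow_array(
            'SELECT status FROM job_status WHERE id = ?', undef, $id);
        $dbh->disconnect;
        $value;
    };
    return reply(500, 'internal error') if $@;   # never echo DBI errors to the client
    return defined($status) ? reply(200, $status) : reply(404, 'not found');
};
```

The client script then carries only its API token, which grants one lookup and can be revoked per client without changing the database password.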
