develooper Front page | perl.perl6.language | Postings from July 2005

Re: DBI v2 - The Plan and How You Can Help

Thread Previous | Thread Next
Maxim Sloyko
July 6, 2005 05:22
Re: DBI v2 - The Plan and How You Can Help
Message ID:
Steve Sapovits wrote:
> Maxim Sloyko wrote:
>> I don't think this solves the problem, because what I usually want is 
>> the user to be able to use the application, but unable to see the DB 
>> password. So the user should have "read" permission set for the file, 
>> but on the other hand he shouldn't. It's not not a problem for Web 
>> App, though.
> Storing passwords encrypted, decrypting before using doesn't cover this?
> I've played around with Crypt::CBC (and different ciphers) for this sort
> of thing but admittedly have not applied this to any production systems
> yet.  You still have a key somewhere to hide/obscure.  You can also use
> Perl source filters to totally encrypt the source -- something else I've
> done but not in production.  Just some things you may want to look at ...

Well, I mostly do Web apps, so it is not a problem since user can't see 
code. If the user can see the code, can find a password int it and 
understand what password is this, then there is no way encryption can 
help much (storing keys etc. as you pointed it out.), because this kind 
of user can figure it all out, if he wants to.

  But this is not the point. The point was that usage of some file with 
passwords by *DEFAULT* is not the way to go, IMHO. It raises more 
problems than it solves.

Maxim Sloyko

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About