Michael Peppler Sybase Consulting

Menu

Home

Sybase on Linux

Install Guide for Sybase on Linux

General Sybase Resources

General Perl Resources

Freeware

Sybperl

Sybase::Simple

DBD::Sybase

BCP Tool

Bug Tracker

Mailing List Archive

Downloads Directory

FAQs

Sybase on Linux FAQ

Sybperl FAQ

Personal

Michael Peppler's resume

Personal Homepage

sybperl-l Archive

Up Prev Next

From: Michael Peppler <mpeppler at MBAY dot NET>
Subject: (no subject)
Date: Dec 17 1998 1:35AM

>>>>> "David" == David Hajoglou  writes:

David>         We actually, after I sent this, thought that since we
David> are using a secure session that the user name and passwd of the
David> user(one of our agents) can be referenced into the new
David> sybase::dblib... command.  Do you feel that this is a good
David> method?

Well - normally no-one outside of your site (or even webserver) can
actually *read* the code. So having passwords in the code is not a
security issue in that sense (ie you need shell access to the machine
that runs the webserver, and read permission on the cgi script itself
to be able to read the username/password from the code). So unless you 
have a cgi script on your site that lets a user view any file you
should be perfectly OK.

Michael

David> On Wed, 16 Dec 1998, Michael Peppler wrote:

>> >>>>> "David" == David Hajoglou  writes:
>> 
David> My question is about the dbsetluser and dbsetlpw functions.
David> Where would I run these functions so as to avoid putting plain
David> text user and passwds in the script.
>>  Actually DBSETLUSER and DBSETLPW aren't implemented in
>> Sybase::DBlib. You pass the username and password to the dblogin()
>> or new() calls.
>> 
>> One technique is to store this information in a file that is
>> readable only by the user running the script. In this case,
>> assuming the web server runs as user 'webuser' you would create a
>> file that is readable only by 'webuser' and which has two lines
>> 
>> the_user the_password
>> 
>> (with appropriate values for these two lines, of course) and then
>> your code would do something like
>> 
>> #!/usr/local/bin/perl -w use strict; use Sybase::DBlib; my @data;
>> open(IN, ".the_password_file") || die "ohlala!: $!"; while() {
>> chomp; push(@data, $_); } my $dbh = new Sybase::DBlib $data[0],
>> $data[1]; etc...
>> 
>> This is of course only one of several ways that this can be
>> implemented.  Michael -- Michael Peppler -||- Data Migrations Inc.
>> mpeppler@mbay.net -||- http://www.mbay.net/~mpeppler Int. Sybase
>> User Group -||- http://www.isug.com Sybase on Linux mailing list:
>> ase-linux-list@isug.com
>> 

-- 
Michael Peppler         -||-  Data Migrations Inc.
mpeppler@mbay.net       -||-  http://www.mbay.net/~mpeppler
Int. Sybase User Group  -||-  http://www.isug.com
Sybase on Linux mailing list: ase-linux-list@isug.com