PEPPLER.ORG
Michael Peppler
Sybase Consulting
Menu
Home
Sybase on Linux
Install Guide for Sybase on Linux
General Sybase Resources
General Perl Resources
Freeware
Sybperl
Sybase::Simple
DBD::Sybase
BCP Tool
Bug Tracker
Mailing List Archive
Downloads Directory
FAQs
Sybase on Linux FAQ
Sybperl FAQ
Personal
Michael Peppler's resume

sybperl-l Archive

Up    Prev    Next    

From: Michael Peppler <mpeppler at MBAY dot NET>
Subject: (no subject)
Date: Dec 17 1998 1:35AM

>>>>> "David" == David Hajoglou  writes:

David>         We actually, after I sent this, thought that since we
David> are using a secure session that the user name and passwd of the
David> user(one of our agents) can be referenced into the new
David> sybase::dblib... command.  Do you feel that this is a good
David> method?

Well - normally no-one outside of your site (or even webserver) can
actually *read* the code. So having passwords in the code is not a
security issue in that sense (ie you need shell access to the machine
that runs the webserver, and read permission on the cgi script itself
to be able to read the username/password from the code). So unless you 
have a cgi script on your site that lets a user view any file you
should be perfectly OK.

Michael


David> On Wed, 16 Dec 1998, Michael Peppler wrote:

>> >>>>> "David" == David Hajoglou  writes:
>> 
David> My question is about the dbsetluser and dbsetlpw functions.
David> Where would I run these functions so as to avoid putting plain
David> text user and passwds in the script.
>>  Actually DBSETLUSER and DBSETLPW aren't implemented in
>> Sybase::DBlib. You pass the username and password to the dblogin()
>> or new() calls.
>> 
>> One technique is to store this information in a file that is
>> readable only by the user running the script. In this case,
>> assuming the web server runs as user 'webuser' you would create a
>> file that is readable only by 'webuser' and which has two lines
>> 
>> the_user the_password
>> 
>> (with appropriate values for these two lines, of course) and then
>> your code would do something like
>> 
>> #!/usr/local/bin/perl -w use strict; use Sybase::DBlib; my @data;
>> open(IN, ".the_password_file") || die "ohlala!: $!"; while() {
>> chomp; push(@data, $_); } my $dbh = new Sybase::DBlib $data[0],
>> $data[1]; etc...
>> 
>> This is of course only one of several ways that this can be
>> implemented.  Michael -- Michael Peppler -||- Data Migrations Inc.
>> mpeppler@mbay.net -||- http://www.mbay.net/~mpeppler Int. Sybase
>> User Group -||- http://www.isug.com Sybase on Linux mailing list:
>> ase-linux-list@isug.com
>> 



-- 
Michael Peppler         -||-  Data Migrations Inc.
mpeppler@mbay.net       -||-  http://www.mbay.net/~mpeppler
Int. Sybase User Group  -||-  http://www.isug.com
Sybase on Linux mailing list: ase-linux-list@isug.com