PEPPLER.ORG
Michael Peppler
Sybase Consulting
Menu
Home
Sybase on Linux
Install Guide for Sybase on Linux
General Sybase Resources
General Perl Resources
Freeware
Sybperl
Sybase::Simple
DBD::Sybase
BCP Tool
Bug Tracker
Mailing List Archive
Downloads Directory
FAQs
Sybase on Linux FAQ
Sybperl FAQ
Personal
Michael Peppler's resume

sybperl-l Archive

Up    Prev    Next    

From: Steve Allen <sallen at sybase dot com>
Subject: Re: I need a simple encryption subroutine, to encrypt/decrypt a string
Date: Feb 18 1999 4:50PM

Chris,

I have a form created in html which a password is input, this form will be used by
many people to access the application, I then need to use the POST method in cgi
which executes the main perl script diary application.
the problem is the password is passed as a variable in the query string and only
this user would see the password on how leaving his desk leaves his password is
wide open as it will show in the browser. this password is the main password to
access the SQLSERVER database. the simplest method is to encript the password when
passed to the second perl script using "POST" method then when the diary is
regularly refreshed the password which will then be bookmarked will show the
variable and the encripted password, when the variable is checked it can then be
decrypted and used to access the database

so all I need is a bit of perl to read the string, and convert to something, and
then be able to unconvert when database connection is required.

I am not to sure how to manipulate a string in perl like you would do in C
ie newstr[i] = oldstr[i] + 'A' for instance



Regards
Steve.

Chris Jack wrote:

> I am not clear why you need encryption. Are you worried about some security
> problem - if so what? What operating system are you using?
>
> Is it the case that what you need is a mechanism whereby you invoke an
> application with a password. Furthermore you do not want people to
> eavesdrop upon that password. If so, how do believe people would do this in
> your environment? If your problem is simply that you pass the password on
> the command line and people can then do process listings to view it, there
> are other mechanisms you could use to pass the password. For instance you
> could invoke the Perl script as a pipe and pass the password on STDIN.
>
> In a more general sense, it is easier to advise on a solution to a problem
> if you give complete details of the problem rather than asking for advice
> on implementing one possible solution.
>
> Chrisj
>
> -----Original Message-----
> From:   Steve Allen [SMTP:sallen@sybase.com]
> Sent:   Thursday, February 18, 1999 3:11 PM
> To:     jackc@rabo-bank.com
> Cc:     SybPerl Discussion List
> Subject:        Re: I need a simple encryption subroutine, to encrypt/decrypt a
> string
>
> Chris Jack wrote:
>
> > Perl has a function called crypt() that you could look at but that only
> > does encryption (why do you need to decrypt?). Alternatively you could
> get
> > PGP off the net. You could also try looking at the secure_rpc routines if
> > they are available on your platform.
> >
> > It would be useful if you could give a little bit more information about
> > what you are trying to achieve. Do you want to force users to access
> Sybase
> > only through applications controlled by you or what?
>
> I need to pass the information between forms ie perl/sybperl script which
> access a
> database. Based on selections made it reconnects to the db, currently this
> is passed
> on the query string but I need to encrypt/decrypt when I read the variable
> I need to
> decrypt it so I can access the database as the user.
> A main entry form takes the original password
>
> Kind Regards
> Steve Allen.

--
Sybase (UK) LTD                         email:  sallen@sybase.com
Sybase Court                            direct: 01628 597130
Crown Lane                              tel:    01628 597111
Maidenhead                              fax:    01628 597112
Berkshire                                       http: www.sybase.com
SL6 8QZ