|
|
sybperl-l Archive
Up Prev Next
From: Steve Allen <sallen at sybase dot com>
Subject: Re: I need a simple encryption subroutine, to encrypt/decrypt a string
Date: Feb 18 1999 4:50PM
Chris,
I have a form created in html which a password is input, this form will be used by
many people to access the application, I then need to use the POST method in cgi
which executes the main perl script diary application.
the problem is the password is passed as a variable in the query string and only
this user would see the password on how leaving his desk leaves his password is
wide open as it will show in the browser. this password is the main password to
access the SQLSERVER database. the simplest method is to encript the password when
passed to the second perl script using "POST" method then when the diary is
regularly refreshed the password which will then be bookmarked will show the
variable and the encripted password, when the variable is checked it can then be
decrypted and used to access the database
so all I need is a bit of perl to read the string, and convert to something, and
then be able to unconvert when database connection is required.
I am not to sure how to manipulate a string in perl like you would do in C
ie newstr[i] = oldstr[i] + 'A' for instance
Regards
Steve.
Chris Jack wrote:
> I am not clear why you need encryption. Are you worried about some security
> problem - if so what? What operating system are you using?
>
> Is it the case that what you need is a mechanism whereby you invoke an
> application with a password. Furthermore you do not want people to
> eavesdrop upon that password. If so, how do believe people would do this in
> your environment? If your problem is simply that you pass the password on
> the command line and people can then do process listings to view it, there
> are other mechanisms you could use to pass the password. For instance you
> could invoke the Perl script as a pipe and pass the password on STDIN.
>
> In a more general sense, it is easier to advise on a solution to a problem
> if you give complete details of the problem rather than asking for advice
> on implementing one possible solution.
>
> Chrisj
>
> -----Original Message-----
> From: Steve Allen [SMTP:sallen@sybase.com]
> Sent: Thursday, February 18, 1999 3:11 PM
> To: jackc@rabo-bank.com
> Cc: SybPerl Discussion List
> Subject: Re: I need a simple encryption subroutine, to encrypt/decrypt a
> string
>
> Chris Jack wrote:
>
> > Perl has a function called crypt() that you could look at but that only
> > does encryption (why do you need to decrypt?). Alternatively you could
> get
> > PGP off the net. You could also try looking at the secure_rpc routines if
> > they are available on your platform.
> >
> > It would be useful if you could give a little bit more information about
> > what you are trying to achieve. Do you want to force users to access
> Sybase
> > only through applications controlled by you or what?
>
> I need to pass the information between forms ie perl/sybperl script which
> access a
> database. Based on selections made it reconnects to the db, currently this
> is passed
> on the query string but I need to encrypt/decrypt when I read the variable
> I need to
> decrypt it so I can access the database as the user.
> A main entry form takes the original password
>
> Kind Regards
> Steve Allen.
--
Sybase (UK) LTD email: sallen@sybase.com
Sybase Court direct: 01628 597130
Crown Lane tel: 01628 597111
Maidenhead fax: 01628 597112
Berkshire http: www.sybase.com
SL6 8QZ
|
