
sybperl-l Archive


From: Michael Peppler <mpeppler at MBAY dot NET>
Subject: Re: I need a simple encryption subroutine, to encrypt/decrypt a string
Date: Feb 18 1999 5:09PM

>>>>> "Steve" == Steve Allen  writes:

Steve> Chris, I have a form created in html which a password is input,
Steve> this form will be used by many people to access the
Steve> application, I then need to use the POST method in cgi which
Steve> executes the main perl script diary application.  the problem
Steve> is the password is passed as a variable in the query string and
Steve> only this user would see the password on how leaving his desk
Steve> leaves his password is wide open as it will show in the
Steve> browser. this password is the main password to access the
Steve> SQLSERVER database. the simplest method is to encrypt the
Steve> password when passed to the second perl script using "POST"
Steve> method then when the diary is regularly refreshed the password
Steve> which will then be bookmarked will show the variable and the
Steve> encrypted password, when the variable is checked it can then be
Steve> decrypted and used to access the database

Steve> so all I need is a bit of perl to read the string, and convert
Steve> to something, and then be able to unconvert when database
Steve> connection is required.

Steve> I am not too sure how to manipulate a string in perl like you
Steve> would do in C ie newstr[i] = oldstr[i] + 'A' for instance

Well you could use some simple obfuscation if the purpose is only to
prevent casual users from getting at the password.

You could also store the password in a cookie - that way it's only
visible in the cookie file IF you set a time limit. Otherwise the
cookie is stored in the browser's memory and can't be accessed by any
outside agency (or at least not easily - there *may* be some funky
javascript that you could use to list cookies - I haven't fully
investigated that sort of thing).


Steve> Regards Steve.

Steve> Chris Jack wrote:

>> I am not clear why you need encryption. Are you worried about some
>> security problem - if so what? What operating system are you using?
>> Is it the case that what you need is a mechanism whereby you invoke
>> an application with a password. Furthermore you do not want people
>> to eavesdrop upon that password. If so, how do you believe people would
>> do this in your environment? If your problem is simply that you
>> pass the password on the command line and people can then do
>> process listings to view it, there are other mechanisms you could
>> use to pass the password. For instance you could invoke the Perl
>> script as a pipe and pass the password on STDIN.
>> In a more general sense, it is easier to advise on a solution to a
>> problem if you give complete details of the problem rather than
>> asking for advice on implementing one possible solution.
>> Chrisj
>> -----Original Message-----
>> From: Steve Allen
>> Sent: Thursday, February 18, 1999 3:11 PM
>> To:
>> Cc: SybPerl Discussion List
>> Subject: Re: I need a simple encryption subroutine, to encrypt/decrypt a string
>>
>> Chris Jack wrote:
>> > Perl has a function called crypt() that you could look at but that only
>> > does encryption (why do you need to decrypt?). Alternatively you could get
>> > PGP off the net. You could also try looking at the secure_rpc routines if
>> > they are available on your platform.
>> >
>> > It would be useful if you could give a little bit more information about
>> > what you are trying to achieve. Do you want to force users to access Sybase
>> > only through applications controlled by you or what?
>>
>> I need to pass the information between forms ie perl/sybperl script
>> which access a database. Based on selections made it reconnects to
>> the db, currently this is passed on the query string but I need to
>> encrypt/decrypt when I read the variable I need to decrypt it so I
>> can access the database as the user.  A main entry form takes the
>> original password
>>
>> Kind Regards Steve Allen.

Steve> -- Sybase (UK) LTD email: Sybase Court
Steve> direct: 01628 597130 Crown Lane tel: 01628 597111 Maidenhead
Steve> fax: 01628 597112 Berkshire http: SL6 8QZ

Michael Peppler         -||-  Data Migrations Inc.       -||-
Int. Sybase User Group  -||-
Sybase on Linux mailing list:
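
The cookie approach from the reply above, as an added example that is not part of the original message: a cookie sent without a time limit stays in browser memory, while one with a lifetime is written to the cookie file, and either way the value no longer appears in the query string or a bookmark. The cookie name `diary_auth`, the sample value and the helper names are assumptions; `HttpOnly`, which keeps page JavaScript from listing the cookie, is a browser feature that postdates this 1999 thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Build a Set-Cookie header. With no Expires/Max-Age attribute the browser
# treats it as a session cookie: held in memory, dropped when the browser
# exits, and not written to the on-disk cookie file.
sub set_cookie_header {
    my ($name, $value, %opt) = @_;
    # Percent-encode everything outside a conservative safe set.
    (my $enc = $value) =~ s/([^A-Za-z0-9_.~-])/sprintf('%%%02X', ord $1)/ge;
    my @attr = ("$name=$enc", 'Path=/');
    # Only a lifetime attribute makes the cookie persistent (on disk).
    push @attr, "Max-Age=$opt{max_age}" if defined $opt{max_age};
    # HttpOnly keeps page JavaScript (document.cookie) from reading it.
    push @attr, 'HttpOnly';
    return 'Set-Cookie: ' . join('; ', @attr);
}

# Parse the Cookie request header (CGI exposes it as $ENV{HTTP_COOKIE})
# and return the decoded value for $name, or nothing if it was not sent.
sub get_cookie {
    my ($name, $header) = @_;
    for my $pair (split /;\s*/, $header // '') {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $v && $k eq $name;
        $v =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
        return $v;
    }
    return;
}

# --- Constructed demonstration; every value below is made up ---
my $secret = 'p@ss w0rd;1';    # constructed sample value

# First request (login form POST): the reply carries a session cookie.
print set_cookie_header('diary_auth', $secret), "\n";
# For contrast: adding a time limit is what puts it in the cookie file.
print set_cookie_header('diary_auth', $secret, max_age => 3600), "\n";

# Later refresh: the browser sends the cookie back; the URL stays clean.
local $ENV{HTTP_COOKIE} = 'lang=en; diary_auth=p%40ss%20w0rd%3B1';
my $got = get_cookie('diary_auth', $ENV{HTTP_COOKIE});
print 'recovered: ', (defined $got && $got eq $secret ? 'match' : 'mismatch'), "\n";
```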