PEPPLER.ORG
Michael Peppler
Sybase Consulting
Menu
Home
Sybase on Linux
Install Guide for Sybase on Linux
General Sybase Resources
General Perl Resources
Freeware
Sybperl
Sybase::Simple
DBD::Sybase
BCP Tool
Bug Tracker
Mailing List Archive
Downloads Directory
FAQs
Sybase on Linux FAQ
Sybperl FAQ
Personal
Michael Peppler's resume

sybperl-l Archive

Up    Prev    Next    

From: Michael Peppler <mpeppler at MBAY dot NET>
Subject: Re: I need a simple encryption subroutine, to encrypt/decrypt a string
Date: Feb 18 1999 5:09PM

>>>>> "Steve" == Steve Allen  writes:

Steve> Chris, I have a form created in html which a password is input,
Steve> this form will be used by many people to access the
Steve> application, I then need to use the POST method in cgi which
Steve> executes the main perl script diary application.  the problem
Steve> is the password is passed as a variable in the query string and
Steve> only this user would see the password on how leaving his desk
Steve> leaves his password is wide open as it will show in the
Steve> browser. this password is the main password to access the
Steve> SQLSERVER database. the simplest method is to encript the
Steve> password when passed to the second perl script using "POST"
Steve> method then when the diary is regularly refreshed the password
Steve> which will then be bookmarked will show the variable and the
Steve> encripted password, when the variable is checked it can then be
Steve> decrypted and used to access the database

Steve> so all I need is a bit of perl to read the string, and convert
Steve> to something, and then be able to unconvert when database
Steve> connection is required.

Steve> I am not to sure how to manipulate a string in perl like you
Steve> would do in C ie newstr[i] = oldstr[i] + 'A' for instance

Well you could use some simple obfuscation if the purpose is only to
prevent casual users from getting at the password.

You could also store the password in a cookie - that way it's only
visible in the cookie file IF you set a time limit. Otherwise the
cookie is stored in the browser's memory and can't be accessed by any
outside agency (or at least not easily - there *may* be some funky
javascript that you could use to list cookies - I haven't fully
investigated that sort of thing).

Michael



Steve> Regards Steve.

Steve> Chris Jack wrote:

>> I am not clear why you need encryption. Are you worried about some
>> security problem - if so what? What operating system are you using?
>> 
>> Is it the case that what you need is a mechanism whereby you invoke
>> an application with a password. Furthermore you do not want people
>> to eavesdrop upon that password. If so, how do believe people would
>> do this in your environment? If your problem is simply that you
>> pass the password on the command line and people can then do
>> process listings to view it, there are other mechanisms you could
>> use to pass the password. For instance you could invoke the Perl
>> script as a pipe and pass the password on STDIN.
>> 
>> In a more general sense, it is easier to advise on a solution to a
>> problem if you give complete details of the problem rather than
>> asking for advice on implementing one possible solution.
>> 
>> Chrisj
>> 
>> -----Original Message----- From: Steve Allen
>> [SMTP:sallen@sybase.com] Sent: Thursday, February 18, 1999 3:11 PM
>> To: jackc@rabo-bank.com Cc: SybPerl Discussion List Subject: Re: I
>> need a simple encryption subroutine, to encrypt/decrypt a string
>> 
>> Chris Jack wrote:
>> 
>> > Perl has a function called crypt() that you could look at but
>> that only > does encryption (why do you need to
>> decrypt?). Alternatively you could get > PGP off the net. You could
>> also try looking at the secure_rpc routines if > they are available
>> on your platform.  > > It would be useful if you could give a
>> little bit more information about > what you are trying to
>> achieve. Do you want to force users to access Sybase > only through
>> applications controlled by you or what?
>> 
>> I need to pass the information between forms ie perl/sybperl script
>> which access a database. Based on selections made it reconnects to
>> the db, currently this is passed on the query string but I need to
>> encrypt/decrypt when I read the variable I need to decrypt it so I
>> can access the database as the user.  A main entry form takes the
>> original password
>> 
>> Kind Regards Steve Allen.

Steve> -- Sybase (UK) LTD email: sallen@sybase.com Sybase Court
Steve> direct: 01628 597130 Crown Lane tel: 01628 597111 Maidenhead
Steve> fax: 01628 597112 Berkshire http: www.sybase.com SL6 8QZ



-- 
Michael Peppler         -||-  Data Migrations Inc.
mpeppler@mbay.net       -||-  http://www.mbay.net/~mpeppler
Int. Sybase User Group  -||-  http://www.isug.com
Sybase on Linux mailing list: ase-linux-list@isug.com