Up Prev Next
From: "Chris Jack" <jackc at rabo-bank dot com>
Subject: RE: I need a simple encryption subroutine, to encrypt/decrypt a string
Date: Feb 18 1999 5:30PM
I am not a particular expert on CGI/HTML so I think I will bow out of this
conversation after this contribution however?
If I understand you, you want users to be able to book mark pages, but have
the password only visible in encrypted form. (As an aside this would imply
that whatever encryption algorithm you use would have to be modified to
output in displayable characters). However?
Unless there is something I don't know, this would not provide secure
access as another user could type in the complete book mark including the
encrypted password and still gain access. You also need to restrict access
to screens with displayed encrypted passwords so they can only be accessed
via a screen where a password needs to be typed (if that is possible).
Furthermore, if you want good encryption security, you would have to keep
the encryption algorithm + encryption seed secret (and have good reason to
believe that they could not be derived by users using 'weak' passwords or
other techniques). Changing the encryption seed would invalidate any book
Anyway, if you are still after an encryption algorithm for Perl, my advice
remains the same - get PGP from the net somewhere and link it in.
From: Steve Allen [SMTP:email@example.com]
Sent: Thursday, February 18, 1999 4:51 PM
Cc: 'Steve Allen'; SybPerl Discussion List
Subject: Re: I need a simple encryption subroutine, to encrypt/decrypt a
I have a form created in html which a password is input, this form will be
many people to access the application, I then need to use the POST method
which executes the main perl script diary application.
the problem is the password is passed as a variable in the query string and
this user would see the password on how leaving his desk leaves his
wide open as it will show in the browser. this password is the main
access the SQLSERVER database. the simplest method is to encript the
passed to the second perl script using "POST" method then when the diary is
regularly refreshed the password which will then be bookmarked will show
variable and the encripted password, when the variable is checked it can
decrypted and used to access the database
so all I need is a bit of perl to read the string, and convert to
then be able to unconvert when database connection is required.
I am not to sure how to manipulate a string in perl like you would do in C
ie newstr[i] = oldstr[i] + 'A' for instance
Chris Jack wrote:
> I am not clear why you need encryption. Are you worried about some
> problem - if so what? What operating system are you using?
> Is it the case that what you need is a mechanism whereby you invoke an
> application with a password. Furthermore you do not want people to
> eavesdrop upon that password. If so, how do believe people would do this
> your environment? If your problem is simply that you pass the password on
> the command line and people can then do process listings to view it,
> are other mechanisms you could use to pass the password. For instance you
> could invoke the Perl script as a pipe and pass the password on STDIN.
> In a more general sense, it is easier to advise on a solution to a
> if you give complete details of the problem rather than asking for advice
> on implementing one possible solution.
> -----Original Message-----
> From: Steve Allen [SMTP:firstname.lastname@example.org]
> Sent: Thursday, February 18, 1999 3:11 PM
> To: email@example.com
> Cc: SybPerl Discussion List
> Subject: Re: I need a simple encryption subroutine, to
> Chris Jack wrote:
> > Perl has a function called crypt() that you could look at but that only
> > does encryption (why do you need to decrypt?). Alternatively you could
> > PGP off the net. You could also try looking at the secure_rpc routines
> > they are available on your platform.
> > It would be useful if you could give a little bit more information
> > what you are trying to achieve. Do you want to force users to access
> > only through applications controlled by you or what?
> I need to pass the information between forms ie perl/sybperl script which
> access a
> database. Based on selections made it reconnects to the db, currently
> is passed
> on the query string but I need to encrypt/decrypt when I read the
> I need to
> decrypt it so I can access the database as the user.
> A main entry form takes the original password
> Kind Regards
> Steve Allen.
Sybase (UK) LTD email: firstname.lastname@example.org
Sybase Court direct: 01628 597130
Crown Lane tel: 01628 597111
Maidenhead fax: 01628 597112
Berkshire http: www.sybase.com