David Filmer
I have (for example) a Perl script that connects to a database (or FTP site,
etc). The database (or ftp) password is either hard-coded (in clear text) in
the script or contained in an external configuration file (which must be
readable by the effective uid of the script).

Someone who was able to browse the code could easily determine the password.
That's a Bad Thing.

I could trivially obfuscate it (rot13, etc) but that would only thwart the
truly ignorant. The password could be symmetrically encrypted, but the
script somehow needs to determine the encryption key (and the idly curious
could determine this as well by reading the code).

How can I shield the database (ftp, etc) password from prying eyes?