LPM: hiding passwords in scripts

Frank Price fprice at upended.org
Thu Sep 7 12:28:45 CDT 2000


Hi Lexpm,

[This question is more general than just perl; please excuse :-]

Sometimes I write scripts which require a username/password for
authentication.  E.g., using Net::Telnet it needs to login as a user,
or login to a POP server, or login to a DB etc.  If I want the script
to be completely automated then it needs to store the password
somehow.

I'm uncomfortable storing the pw in cleartext in the script itself.
I'm even uncomfortable storing it as cleartext in a config file
readable only by the invoking user.

Storing it encrypted seems ideal, but of course then the problem is
decrypting it, since the script (really the server on the other side)
requires the pw in cleartext.  The crypt() call will encrypt it just
fine but can't decrypt an encrypted string.  

Anyone know of a good solution to this problem?  If there's a solution
but no perl module yet, there's a project for us!

Thanks,

-Frank.
-- 
Frank Price | fprice at upended.org | www.upended.org/fprice/
GPG key: www.upended.org/fprice/gpg.asc | E Pluribus Unix




More information about the Lexington-pm mailing list