LPM: hiding passwords in scripts
fprice at upended.org
Thu Sep 7 12:28:45 CDT 2000
[This question is more general than just perl; please excuse :-]
Sometimes I write scripts which require a username/password for
authentication. E.g., using Net::Telnet it needs to login as a user,
or login to a POP server, or login to a DB etc. If I want the script
to be completely automated then it needs to store the password
I'm uncomfortable storing the pw in cleartext in the script itself.
I'm even uncomfortable storing it as cleartext in a config file
readable only by the invoking user.
Storing it encrypted seems ideal, but of course then the problem is
decrypting it, since the script (really the server on the other side)
requires the pw in cleartext. The crypt() call will encrypt it just
fine but can't decrypt an encrypted string.
Anyone know of a good solution to this problem? If there's a solution
but no perl module yet, there's a project for us!
Frank Price | fprice at upended.org | www.upended.org/fprice/
GPG key: www.upended.org/fprice/gpg.asc | E Pluribus Unix
More information about the Lexington-pm