neocytrix Posted March 24, 2004 Share Posted March 24, 2004 Hello, I was wondering, if I want to write a perl program which asks the user to put in a password, is there any way to prevent the user from getting the password from the source? Perhaps encryption or somthing along those lines. -Neocytrix Link to comment Share on other sites More sharing options...
paul Posted March 25, 2004 Share Posted March 25, 2004 md5 thispass = affad8802842c213a7a7c09d6cb0403a store that as your password in the perl script then ask the user for thier password then compare the two $encrypted_pass = "affad8802842c213a7a7c09d6cb0403a" if (md5"$users_password"== $encrypted_pass) { print "good password"; } else { print "bad password"; } at least that's kinda how I would do it in PHP :) Link to comment Share on other sites More sharing options...
aru Posted March 25, 2004 Share Posted March 25, 2004 (edited) Where is thought to be run that command? depending on what do you want to do paul's advice is good or not. For example, in a server application where the user has no access to the source code of the program (ie php, or perl CGIs) paul's advice is great. But for a 'system' application (versus server-client app) that advice if it is not combined with permission/group restrictions is useless. Nothing avoids a bad minded user to copy your perl program to a less restrictive area of the system and change the source code, ie: $encrypted_pass = "affad8802842c213a7a7c09d6cb0403a" if (1==1) { print "good password"; } else { print "bad password"; } and then execute it's own copy of the program skiping the protection So, what kind of program will be? where, who and for what is thought to be executed? and perl is a must be or you can code in a compiled language? If that program is a 'system' program in Linux/Unix the security is granted by a permission and user/group id system. I suggest you to follow this system, it has been tested during years. If you can't then use a compiled langauge to hide the source code. :) Edited March 25, 2004 by aru Link to comment Share on other sites More sharing options...
paul Posted March 26, 2004 Share Posted March 26, 2004 good advice aru !!! ;) I was thinking this is for a website, which is how I would do it. for system script I ABSOLUTELY use user permissions Link to comment Share on other sites More sharing options...
aru Posted March 26, 2004 Share Posted March 26, 2004 That's what here is called 'professional deformation', you are the resident web/php guru and as you know I'm a bash junkie. Each one has his own point of view of a question in function of his obsessions Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now