Antwort: Re: clear-text passwords in shell/perl scripts

[Carsten Kuckuk <ck () rib de>]

Mabe you can put the database in charge. You'd rewrite your script as a 
trigger on a dummy table and have the trigger do all the critical stuff. 
Oracle has a complete JVM inside the database, and Microsoft a CLR. So 
your cron script would log into the database using a locked down account 
that can only, access one table. This table would have a trigger connected 
to it that would then start the real, critical work. Depending on the 
options that the database trigger programming language offers you, you 
could either put the whole script inside the trigger, or have the trigger 
create the data that the real script needs to perform its duty, and then 
call the real script from within the database. This way, the user/password 
pair that a hacker could find, would only allow the hacker to access a 
worthless table and trigger the trigger, but nothing else.

Carsten




Liran Cohen <theog () artnet co il>
21.03.2005 13:43

 
        An:     Jeff Robertson <Jeff.Robertson () DigitalInsight com>
        Kopie:  "Webappsec (E-mail)" <webappsec () securityfocus com>
        Thema:  Re: clear-text passwords in shell/perl scripts


Hi Jeff,

I don't really know what database u'r using , but maybe using PKI?

TheOg
Jeff Robertson wrote:

> Say that a perl script needs access to a database, and access to this
> database requires a password. The script needs to run automatically with 
no
> human intervention, so it is not possible to prompt a user to enter the
> password at run time. This means that the password must either be in the
> script itself or in a file readable by the script.
>
> I have been asked what can be done to protect this password from falling
> into the wrong eyes. My recommendation is to tightly control read
> permissions to the script and/or the file that contains the password. 
Make
> the file owned by a special-purpose user who only exists to run this 
script,
> and chmod it to 600. That sort of thing.
>
> It has been suggested to encrypt the password. Since the script needs to 
get
> the clear text of the passwords in order to use them, this will need to 
be
> symmetric encryption and the script will need to have the key available,
> presumably stored in yet another file. As there would be no way to keep 
the
> key from being stolen other than to use the file permissions that were 
being
> relied on previously, you've just increased the complexity of the system
> without actually making it any more secure. This is bad. You'd be better 
off
> sticking with the simpler solution, since the security is the same either
> way.
>
> Can anyone either refute or provide further points in support of my 
stance
> on this?
>
> Jeff Robertson
> Manager of Web Application Security
> Digital Insight