On Monday 28 February 2005 13:52, Gael Lams wrote:
> Simon, I read your post regarding the use of a C
> program and I would be interested in having some more
> details as we started thinking about implementing
> something similar.

Unfortunately I've misplaced the program I'd used in the past to do this. It
was written by a colleague at a workplace we've now both left. As an exercise
I've tried to re-implement it myself. The source code is inline at the end of
this message. Note I'm still learning C so it may be worth getting someone
more experienced to check it over before setting it suid and using it in a
secure environment! - it does appear to work however.

It may be worth considering one of the many C libs already written for
accessing config information as well...

> Our idea is to 'obfuscate' the password in some way
> and then process the value to get back to the plain
> text password.

I don't know that this would be much help - if someone can read the file the
passwords are in it is likely they can read and copy the executable that reads
that file. Running the executable themselves they will be able to figure out
the obfuscation used... Still any obstacle is an obstacle!

> In order to perform the connection to Oracle, the php

I liked Jason's suggestion of setting the password in an apache config file
that was only readable by root which has the same benefits as my suggestion
but much simpler. I didn't realise you could do that. AFAICT the feature to
set a default password, user etc doesn't seem to be available for Oracle
connections. Although I'm going to investigate that further as I'm working
with Oracle at the moment.

cheers Simon

-----------
keyinfo.c:

/*
 * keyinfo.c:
 *
 * Retrieve information from a config file.
 *
 * Reads a text file. Splits each line on the first whitespace. If the token
 * before the whitespace matches the program's argument everything after the
 * whitespace up until the end of line is returned. Processing of further lines
 * stops on the first match.
 * Lines starting # are ignored.
 *
 * $Id: keyinfo.c,v 1.3 2005/02/28 18:30:12 sr Exp $
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* hard coded location of the file which contains secret information */
#define SECRETS_FILE "/etc/keyinfo.conf"

/* maximum length of lines in the secrets file */
#define MAX_LINE_LENGTH 80

int main ( int argc, char *argv[] )
{
    FILE *in_fileh;
    char buffer[MAX_LINE_LENGTH + 1];
    char *sought_key;
    char *key, *value;
    char delimiter_chars[] = " \t";

    /* check a single parameter was passed */
    if ( argc != 2 ) {
        fprintf( stderr, "Required single command argument not supplied\n" );
        exit( 8 );
    } else {
        sought_key = argv[1];
    }

    /* open keyinfo.conf file */
    in_fileh = fopen( SECRETS_FILE, "r" );
    if ( in_fileh == NULL ) {
        fprintf( stderr, "Error: Unable to open file %s\n", SECRETS_FILE );
        exit( 8 );
    }

    /* read lines in file looking for key match */
    while ( fgets( buffer, sizeof( buffer ), in_fileh ) ) {
        /* skip lines that start with # */
        if ( buffer[0] == '#' ) {
            continue;
        }

        /* remove the line terminator, if any, before splitting */
        buffer[ strcspn( buffer, "\r\n" ) ] = '\0';

        /* blank lines give no key (strtok returns NULL) and are skipped */
        key = strtok( buffer, delimiter_chars );
        if ( key == NULL || strcmp( key, sought_key ) != 0 ) {
            continue;
        }

        /* an empty delimiter set returns the rest of the line as the value */
        value = strtok( NULL, "" );
        if ( value != NULL ) {
            /* skip any extra whitespace between key and value */
            value += strspn( value, delimiter_chars );
            printf( "%s", value );
        }
        break;
    }

    fclose( in_fileh );
    exit( 0 );
}

-----------
/etc/keyinfo.conf:

# database 1 password
db1_pass 6dioqlFq
# database 2
db2_pass xx55usp
-----------

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Simon Rees | tech-lists@xxxxxxxxxxxxxxxx |
ORA-03113: end-of-file on communication channel
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
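
The message above mentions installing keyinfo suid and keeping the secrets in a file only root can read. The following is an added example, not part of the original post or of keyinfo.c, of a check such a helper could make before reading /etc/keyinfo.conf: it refuses a file that is a symlink, not a regular file, owned by an unexpected user, or accessible to group/other. The function name open_secrets_checked and the ownership and mode policy are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Added example (hypothetical helper, not from the original post).
 * Returns a FILE* only for a regular file owned by `owner` with no
 * group/other permission bits. fstat() runs on the already-open descriptor,
 * so the file checked is the file read. On refusal returns NULL and sets *why.
 */
FILE *open_secrets_checked( const char *path, uid_t owner, const char **why )
{
    struct stat st;
    FILE *fh;
    /* O_NOFOLLOW: refuse a symlink as the final path component */
    int fd = open( path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC );

    *why = NULL;
    if ( fd < 0 ) {
        *why = "cannot open (missing, unreadable or a symlink)";
        return NULL;
    }
    if ( fstat( fd, &st ) != 0 ) {
        *why = "fstat failed";
    } else if ( !S_ISREG( st.st_mode ) ) {
        *why = "not a regular file";
    } else if ( st.st_uid != owner ) {
        *why = "unexpected owner";
    } else if ( st.st_mode & ( S_IRWXG | S_IRWXO ) ) {
        *why = "group/other permission bits set";
    }
    if ( *why != NULL || ( fh = fdopen( fd, "r" ) ) == NULL ) {
        if ( *why == NULL ) *why = "fdopen failed";
        close( fd );
        return NULL;
    }
    return fh;
}

int main( void )
{
    const char *why;
    /* path taken from the post; owner 0 (root) is this example's assumption */
    FILE *fh = open_secrets_checked( "/etc/keyinfo.conf", 0, &why );
    if ( fh == NULL ) {
        fprintf( stderr, "Refusing /etc/keyinfo.conf: %s\n", why );
        return 8;
    }
    fclose( fh );
    return 0;
}
```

In keyinfo.c the returned stream would take the place of the fopen() result, so the lookup loop only ever runs over a file that passed the checks.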