Re: Re: password in md5 to connect to mysql instead of clear password

On Monday 28 February 2005 13:52, Gael Lams wrote:
> Simon, I read your post regarding the use of a C
> program and I would be interested in having some more
> details as we started thinking about implementing
> something similar.

Unfortunately I've misplaced the program I'd used in the past to do this. It
was written by a colleague at a workplace we've now both left. As an
exercise I've tried to re-implement it myself. The source code is inline at
the end of this message. Note I'm still learning C, so it may be worth
getting someone more experienced to check it over before setting it suid
and using it in a secure environment! It does appear to work, however. It
may be worth considering one of the many C libs already written for
accessing config information as well...

> Our idea is to 'obfuscate' the password in some way
> and then process the value to get back to the plain
> text password.

I don't know that this would be much help - if someone can read the file the 
passwords are in it is likely they can read and copy the executable that 
reads that file. Running the executable themselves they will be able to 
figure out the obfuscation used... Still any obstacle is an obstacle!

> In order to perform the connection to Oracle, the php

I liked Jason's suggestion of setting the password in an apache config file 
that was only readable by root which has the same benefits as my suggestion 
but much simpler. I didn't realise you could do that. 
AFAICT the feature to set a default password, user etc. doesn't seem to be
available for Oracle connections, although I'm going to investigate that
further as I'm working with Oracle at the moment.

cheers Simon

-----------
keyinfo.c:

/*
 * keyinfo.c:
 *
 * Retrieve information from a config file.
 *
 * Reads a text file. Splits each line on the first whitespace. If the token
 * before the whitespace matches the program's argument everything after the
 * whitespace up until the end of line is returned. Processing of further
 * lines stops on the first match.
 * Lines starting # are ignored.
 *
 * $Id: keyinfo.c,v 1.3 2005/02/28 18:30:12 sr Exp $
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* hard coded location of the file which contains secret information */

#define SECRETS_FILE "/etc/keyinfo.conf"

/* maximum length of lines in the secrets file */

#define MAX_LINE_LENGTH 80



int main ( int argc, char *argv[] )
{

	FILE *in_fileh;
	char buffer[MAX_LINE_LENGTH + 1];
	char *sought_key;
	char *key, *value;

	char delimiter_chars[] = " \t";

	/* check a single parameter was passed */

	if ( argc != 2 ) {

		fprintf( stderr, "Required single command argument not supplied\n" );

		exit( 8 );
	}
	else {

		sought_key = argv[1];
	}

	/* open keyinfo.conf file */

	in_fileh = fopen( SECRETS_FILE, "r" );

	if ( in_fileh == NULL ) {

		fprintf( stderr, "Error: Unable to open file %s\n", SECRETS_FILE );

		exit( 8 );
	}

	/* read lines in file looking for key match */

	while ( fgets( buffer, sizeof( buffer ), in_fileh ) ) {

		/* skip lines that start with # */

		if ( buffer[0] == '#' ) {

			continue;
		}

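		/* strip the line ending; the last line may not have one */

		buffer[ strcspn( buffer, "\r\n" ) ] = '\0';

		key = strtok( buffer, delimiter_chars );

		/* skip blank lines (strtok found no token) */

		if ( key == NULL ) {

			continue;
		}

		/* rest of the line after the key; NULL if the key stands alone */

		value = strtok( NULL, "" );

		if ( value == NULL ) {

			continue;
		}

		/* skip any extra spaces/tabs between key and value */

		value += strspn( value, delimiter_chars );

		if ( strcmp( key, sought_key ) == 0 ) {

			/* print everything up to the end of line to stdout */

			printf( "%s", value );

			break;
		}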
	}

	fclose( in_fileh );

	exit( 0 );

}

-----------
/etc/keyinfo.conf:

# database 1 password
db1_pass 6dioqlFq
# database 2
db2_pass			xx55usp

-----------
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Simon Rees  |  tech-lists@xxxxxxxxxxxxxxxx  |
ORA-03113: end-of-file on communication channel
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
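
Added example, not part of Simon's message or his program: since the helper is meant to run suid against a file that ordinary users cannot read, one hardening step is to verify the opened file's type, owner and mode before parsing it, in place of the plain fopen() in keyinfo.c. The function name and result codes are this example's own, and it assumes a POSIX system.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* result codes; the names are this example's own */
enum { SECRETS_OK, SECRETS_OPEN_FAILED, SECRETS_NOT_REGULAR,
       SECRETS_WRONG_OWNER, SECRETS_TOO_OPEN };

/*
 * Open path read-only and inspect the opened descriptor with fstat(), so
 * the file that was checked is the file that gets read. Accept it only if
 * it is a regular file, owned by owner, with no group/other permission
 * bits. On SECRETS_OK *out is a stream to parse; otherwise *out is NULL.
 */
int open_private_secrets( const char *path, uid_t owner, FILE **out )
{
	struct stat st;
	int rc = SECRETS_OK;
	int fd;

	*out = NULL;
	/* O_NOFOLLOW: refuse a symlink as the final path component */
	fd = open( path, O_RDONLY | O_NOFOLLOW );
	if ( fd < 0 ) return SECRETS_OPEN_FAILED;

	if ( fstat( fd, &st ) != 0 )                      rc = SECRETS_OPEN_FAILED;
	else if ( !S_ISREG( st.st_mode ) )                rc = SECRETS_NOT_REGULAR;
	else if ( st.st_uid != owner )                    rc = SECRETS_WRONG_OWNER;
	else if ( st.st_mode & ( S_IRWXG | S_IRWXO ) )    rc = SECRETS_TOO_OPEN;
	else if ( ( *out = fdopen( fd, "r" ) ) == NULL )  rc = SECRETS_OPEN_FAILED;

	if ( rc != SECRETS_OK ) close( fd );
	return rc;
}

int main( void )
{
	FILE *fh;
	int rc = open_private_secrets( "/etc/keyinfo.conf", 0, &fh );
	if ( rc != SECRETS_OK ) {
		fprintf( stderr, "Refusing /etc/keyinfo.conf (reason %d)\n", rc );
		return 8;
	}
	fclose( fh );   /* keyinfo.c's read loop would run on fh here */
	return 0;
}
```
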