[BLUG] A Couple Questions

Simon Ruiz blug_at_mailman.cs.indiana.edu
Wed, 31 Jan 2007 11:19:54 -0500


Does this all apply to bash scripts in some way I'm missing?
 
I don't know up front what username and passwords might be used for theoretical scripts in the future. I know that the joining of a workstation to the Active Directory Domain requires an Administrative User's (my) login, but that's a ways in the future, and anyhow I don't want to put my personal login and password in plaintext anywhere permanently in the filesystem. I figured if I needed to run something that required that information, I'd rather scp it to the machine, execute it, and then promptly rm it.
 
Could this apply to a local file used to invoke sudo privileges without intervention?
 
And, while we're at it, is any of this secure if a student decides to boot to a Live CD and browse the filesystem?
 
Hope this finds you all doing well!
 
Simón

________________________________

From: blug-admin_at_cs.indiana.edu on behalf of Gaddis, Jeremy L.
Sent: Wed 1/31/2007 10:38 AM
To: blug_at_cs.indiana.edu
Subject: RE: [BLUG] A Couple Questions



I do something similar, but not quite to that extent.

Each web application has a file under /etc/webapps/ which is a simple
PHP, e.g.:

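<?php
        // Full "<?php" tag: with short_open_tag disabled, a bare "<?" is not
        // parsed and an include would emit these lines as plain text.
        $dbhost         = "dbserver.example.com";
        $dbuser         = "username";
        $dbpass         = "password";
        $dbname         = "database";
?>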

And then I just put an "include '/etc/webapps/file.php';" at the top of
the scripts that need it.

Different road, same destination.  =)

--
Jeremy L. Gaddis
Network Administrator
812.330.6156 (w)  812.391.0358 (m)


-----Original Message-----
From: blug-admin_at_cs.indiana.edu [mailto:blug-admin_at_cs.indiana.edu] On
Behalf Of Mark Krenz
Sent: Wednesday, January 31, 2007 9:20 AM
To: blug_at_cs.indiana.edu
Subject: Re: [BLUG] A Couple Questions


  You need to read this:

http://www.suso.org/docs/databases/saferdbpasswords.sdf

  I came up with this method years ago and it works well.  You don't even
need to be a hosting provider to use it.  Keeping the password in a
separate file and protecting that file works well for a variety of
reasons.

  I've thought about making an RFC for it at times, but somehow that
seems scary.  Plus I need more professional feedback on the method.

Mark
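
Applied to the bash-script question raised in this thread, the "separate, protected file" approach could look like the following. This is an added example, not code from any poster in the thread; it assumes GNU coreutils `stat`, and the KEY=VALUE file layout, the function names `check_cred_file` and `get_cred`, and the DB_* values are hypothetical.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumes GNU coreutils `stat`.
# The file layout (KEY=VALUE lines) and the DB_* names are hypothetical.

# check_cred_file FILE: succeed only if FILE is a regular file (not a
# symlink), owned by the invoking user or root, with no group/other bits.
check_cred_file() {
    local f mode owner
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "refusing $f: not a regular file" >&2; return 1
    fi
    mode=$(stat -c %a -- "$f") && owner=$(stat -c %u -- "$f") || return 1
    if [ "$owner" != "$(id -u)" ] && [ "$owner" != 0 ]; then
        echo "refusing $f: owned by uid $owner" >&2; return 1
    fi
    # Leading 0 makes the mode an octal constant; 077 masks group+other.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "refusing $f: mode $mode grants access beyond the owner" >&2
        return 1
    fi
}

# get_cred FILE KEY: print KEY's value. The file is parsed as data and
# never sourced, so its contents cannot execute as shell commands.
get_cred() {
    local key value
    check_cred_file "$1" || return 1
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac
        if [ "$key" = "$2" ]; then printf '%s\n' "$value"; return 0; fi
    done < "$1"
    echo "key $2 not found in $1" >&2
    return 1
}

# Demo with constructed values: create the file owner-only from the start.
demo_file=$(umask 077; mktemp)
printf '# constructed sample\nDB_USER=report\nDB_PASS=s3cret=x\n' > "$demo_file"
echo "user: $(get_cred "$demo_file" DB_USER)"
chmod 644 "$demo_file"          # simulate a permissions mistake
get_cred "$demo_file" DB_PASS || echo "world-readable file rejected"
rm -f "$demo_file"
```

File permissions are enforced by the running kernel, so this check does nothing against someone who boots other media and mounts the disk; protecting the file in that case requires disk encryption.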