CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
Search Posts SEARCH
Who's Online WHO'S
Log in LOG

Home: Perl Programming Help: Advanced:
DBMs, Speed, & Security



Jul 30, 2000, 8:51 PM

Post #1 of 5 (3587 views)
DBMs, Speed, & Security Can't Post

I am considering using separate DBM databases to 1) store names and passwords and 2) store script settings. Database #1 would have around 15 entries and would be accessed no more than 50 times a day. Database #2 would have 25 entries, no more no less, and be accessed thousands of times a day. Both databases contain sensitive infomation and I want to be sure that it is secure AND fast-loading. Should I stick with DBM?, put both data in 1 database?, use encrypted text files?, or something else? I need some professional advise on this dilemma please. Thanks in advance.

Focus Web Services - Auto Updater


Jul 30, 2000, 10:54 PM

Post #2 of 5 (3587 views)
Re: DBMs, Speed, & Security [In reply to] Can't Post

If you're truly concerned about speed, database this small may be better stored in flat files. As long as the file is less then whatever the pagesize is for whatever environment you're running in (8K is typical), then you can suck in the entire "database" in one read. Since most implementations of DBM split out index and data, at minimum you're looking at an extra open and an extra page read per record retrieved.

For either flatfile or DBM, if you're mixing modifications in with accesses, you'll need to lock the files. This is a bit trickier with DBM, since access to underlying file handles varies depending on the DBM implementation.

I'll hazard the guess that you'll be happier with flatfile database given your current small data size and relatively low volume requirements.

Encryption is an orthogonal issue. Depending on what web server you're using, there are various techniques for preventing the data files themselves from being visible through the web. What security concerns do you have?


Jul 31, 2000, 12:46 PM

Post #3 of 5 (3587 views)
Re: DBMs, Speed, & Security [In reply to] Can't Post

For the names&password database, I need a way to encrypt the passwords, and not make it visible thru the web

For the script settings, I also don't want it to be visible thru the web.

Otherwise, if a user found the contents of either file, he/she could cause abuse the script.

Focus Web Services - Auto Updater


Jul 31, 2000, 1:50 PM

Post #4 of 5 (3587 views)
Re: DBMs, Speed, & Security [In reply to] Can't Post

crypt() is one way to encrypt passwords. It's described in perlfunc. Try

perldoc -f crypt

at your favorite command prompt.

Rendering files web-invisible depends on your web server. The weakest way to go is "security by obscurity". Put the files in a hard-to-guess subdirectory that is known only to your CGI scripts. In particular, make sure there aren't any links to the subdirectory in your HTML. Crude, but effective.

User / Moderator

Jul 31, 2000, 3:06 PM

Post #5 of 5 (3587 views)
Re: DBMs, Speed, & Security [In reply to] Can't Post

Better yet, put them in a directory outside the web tree. The only way you could get at them then is if someone explicitly made them accessable via symlinks or server aliases.

ie, If everything from /path/to/user/public_html down is web readable, put your files in /path/to/user or /path/to/user/some_dir.


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives