CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Beginner:
Dealing with Text Username and Passwords

 



5pac3m0nk3y
New User

Feb 3, 2017, 5:16 AM

Post #1 of 5 (3188 views)
Dealing with Text Username and Passwords Can't Post

Good morning,
This is my first post. I have a question, but I actually have access to 20 years worth of PERL scripting that I am trying to wrap my head around. Alot of it may be on its way out though.
At any rate, I wonder if anyone has come across this problem where a PERL programmer puts lots of text based usernames and passwords in their PERL scripts, including their own personal username and password.
Then they leave the job, and if you disable their account, its going to possibly break alot of things. If you change the administrative accounts used in AD, it breaks the scripts.
How do you deal with this sort of issue? Is there a way to search through all their scripts to find instances of usernames and passwords which you can change for example?
thanks,
Al


5pac3m0nk3y
New User

Feb 3, 2017, 5:39 AM

Post #2 of 5 (3185 views)
Re: [5pac3m0nk3y] Dealing with Text Username and Passwords [In reply to] Can't Post

I was able to find some possible tools for finding text strings withing many files, inlcuding PERL scripts.

http://stackoverflow.com/questions/317944/tools-to-search-for-strings-inside-files-without-indexing


Laurent_R
Veteran / Moderator

Feb 3, 2017, 9:59 AM

Post #3 of 5 (3179 views)
Re: [5pac3m0nk3y] Dealing with Text Username and Passwords [In reply to] Can't Post


In Reply To
At any rate, I wonder if anyone has come across this problem where a PERL programmer puts lots of text based usernames and passwords in their PERL scripts, including their own personal username and password.


This problem has nothing to do with Perl itself and could be found with many other programming languages. This is poor practice, although the main guilt might not be on the programmer who wrote these things. Many systems don't offer real alternatives (storing user names and passwords in a separate file may seem cleaner, but it is just as bad a security loophole).


5pac3m0nk3y
New User

Feb 3, 2017, 10:27 AM

Post #4 of 5 (3173 views)
Re: [Laurent_R] Dealing with Text Username and Passwords [In reply to] Can't Post

Hi,
Yes you are correct, putting plain text usernames and passwords into scripts is not a PERL issue per se. The old programmer left, and now HR wants us to disable his account. But I'm fairly sure he uses this account to programmatically access computers.
I'm not that worried if it was a good choice, just trying to make sure I can find any instances of plaintext usernames and passwords to make sure we don't break anything if we disable the account. I've seen this sort of thing before in other scripting and programming languages.
I remember the head programmer at my last job was really resistant to removing the admin username and accounts in years of scripts so it could be a big complicated job. I'm not sure.

Notepad++ seems to do the job of searching through files in this way.


(This post was edited by 5pac3m0nk3y on Feb 3, 2017, 11:13 AM)


BillKSmith
Veteran

Feb 3, 2017, 9:06 PM

Post #5 of 5 (3164 views)
Re: [5pac3m0nk3y] Dealing with Text Username and Passwords [In reply to] Can't Post

It should be fairly easy to write a perl program to automate what you are doing with Notepad. It would be a "throw away" script. (i.e. It only has to run once.) You do not have to be concerned about its being fast or easy to maintain. It would not even have to be thoroughly debugged because a small number of false positives could be tolerated. Of course, you would still have to figure out how to solve each problem that this identifies. At least this much can be done without disrupting your service.

Disabling the account is a good idea, but it will probably cause problems which you have not anticipated. Most of those will be due to poor practice. (Not just by the employee who has left.) Be sure to plan time to fix these as they arise.
Good Luck,
Bill

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives