Hi Perl coders,

If you use Perl/MySQL, a web-based front-end to MySQL
can make DB administration much smoother.

Ever use myadmin.cgi, by Ron Savage?
http://savage.net.au/Perl-tutorials.html

The username and password are written into each
page in hidden tags in the clear. I wrote the following
sub to "hide" them.

sub obfuscate
{
    # $type == 1: obfuscate $str; any other value: reverse it
    my ($type, $str) = @_;
    my ($in, $undo, $tmp) = ('', '', '');
    my @jnk;
    my $script = 'myadmin.cgi';  # basename($0); used as the XOR key

    if ( $type == 1 ) {
        # 7-digit random prefix, stripped again when decoding
        $in = sprintf("%07u", rand(1000000));

        # expand the key to fit input string
        my $ky = $script x (int( length( $in . $str) / length($script)));
        $ky .= substr( $script, 0, length( $in . $str) % length($script));
        #print $in . $str, "\n$ky \n";

        my @key = split //, $ky;
        my @tk  = split //, $in . $str;

        # XOR each character with the matching key character
        for my $i ( 0 .. @tk - 1 ) {
            $tk[$i] = $key[$i] ^ $tk[$i];
        }
        # hex-encode the result for the hidden field
        $tmp = unpack( "H*", join('', @tk));
    }
    else {
        # tokenize the input hex string
        (@jnk) = $str =~ /\w{2}/ig;

        #print "len= ",$#jnk, "\n",  join( "|", @jnk), "\n";

        # turn each hex pair back into a character
        @jnk = map { chr(hex($_)) } @jnk;

        # expand the key to fit the tokenized input string
        my $ky = $script x (int( @jnk / length($script)));
        $ky .= substr( $script, 0, @jnk % length($script));
        #print join('', @jnk), "\n$ky \n";

        my @key = split //, $ky;

        #$undo  = pack("C*" , @jnk  );
        for my $i ( 0 .. @jnk - 1 ) {
            $jnk[$i] = $key[$i] ^ $jnk[$i];
        }
        $undo = join( '', @jnk); #pack("C*" , @jnk  );

        # drop the 7-digit random prefix
        $tmp = substr( $undo, 7 );
    }
    return $tmp;
} # end sub obfuscate

Then I use a hidden tag IsClear in the login page to flag
that the info is clear text. When the username and password
are passed from the login page, they are immediately obfuscated.

if ( defined( $q -> param('IsClear'))) {
    $$option{'username'} = obfuscate(1, $$option{'username'} );
    $$option{'password'} = obfuscate(1, $$option{'password'} );

}

Then unobfuscate them when connecting to the DB -- change the
1 -> 0.

regards,
Mark Pryor
ICQ 64329574
Pgp KeyID: 0x1A966EC5




_______________________________________________
Perl-Win32-Web mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
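
The sub above XORs with the script name, so the hidden field can be decoded by anyone who knows that name. As an added example (not part of the original post and not code from myadmin.cgi), this sketch swaps in a different technique: the credentials stay in a server-side store and only a random session id goes into the hidden tag. The store path, the MYADMIN_SESSIONS variable, the field name "session", the sub names and the CPAN module Crypt::URandom are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Storable qw(lock_store lock_retrieve);   # core module
use Crypt::URandom ();                       # CPAN module (assumed installed)

# Assumption: a path outside the web root, readable only by the CGI user.
my $STORE = $ENV{MYADMIN_SESSIONS} || 'sessions.sto';
my $TTL   = 15 * 60;                         # seconds a session stays valid

sub load_sessions { return -e $STORE ? lock_retrieve($STORE) : {} }

# Called once, when the login form posts the clear-text credentials.
sub new_session {
    my ($username, $password) = @_;
    my $sessions = load_sessions();
    my $now      = time;

    # Drop expired entries so the store does not grow without bound.
    delete $sessions->{$_}
        for grep { $sessions->{$_}{expires} < $now } keys %$sessions;

    my $token = unpack 'H*', Crypt::URandom::urandom(16);   # 128-bit random id
    $sessions->{$token} = {
        username => $username,
        password => $password,
        expires  => $now + $TTL,
    };
    lock_store($sessions, $STORE);
    return $token;               # the only value that is written into the page
}

# Called on every later request, just before connecting to the DB.
sub credentials_for {
    my ($token) = @_;
    return unless defined $token && $token =~ /\A[0-9a-f]{32}\z/;
    my $s = load_sessions()->{$token} or return;
    return if $s->{expires} < time;
    return @{$s}{qw(username password)};
}

# Constructed demo values, not real credentials.
my $token = new_session('dbuser', 'example-password');
print qq{<input type="hidden" name="session" value="$token">\n};
my ($user, $pass) = credentials_for($token);
print "lookup ok for $user\n" if defined $user;
print "unknown token rejected\n" unless credentials_for('0' x 32);
```

Storable locks each read and each write separately, so two logins at the same moment can overwrite one another; a busy site needs one lock around the whole read-modify-write.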
