Best language for security scripts along side PERL?



#1

graystar66

Hello, my name is MechArts. I am working on a website that is based in Perl, but I need to write some security protocols into it. Would I be able to do that with Perl, or should I write them in JavaScript or something? The script will have to pull some information from a user database and verify the credentials. Any thoughts?

 


  • 0



#2

dubsickk
The standard way is to put the credentials into a config file, and attempt to protect the config file from being more readable than the Perl file. This offers a moderate increase in security; for example, the code may be in source control and accessible to developers, the config file wouldn't be. The code needs to be in the web server's CGI root, and possibly downloadable under certain misconfigurations, and the config file needn't be.
 
The ambitious way is to reversibly encrypt the credentials and put them into a config file. Of course, anything reversibly encrypted can be decrypted. The BladeLogic application did this, and it was trivial (<1 day) for me to de-compile their Java enough to find out the function to decrypt credentials and use it to decrypt them to my satisfaction. Not a mark against them; that's just the name of the reversibly encrypted game.
 
Another option is to use OS-based authorization in concert with strictly limited database restrictions. For example, limit the database client user's access to a set of stored procedures to limit the potential for abuse, and allow that user to access the database without a password. This doesn't work if you're doing client-server over the network, which limits how often it's useful. Also, people tend to look more askance at "passwordless" OS-user access than they do at writing the password down willy-nilly. It is not completely logical, but there are standards that say all database users must have passwords, so that's that.

Edited by dubsickk, 21 July 2015 - 10:35 AM.

  • 0
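
Added example, not written by anyone in the thread: the config-file option from post #2 in Perl, refusing to load database credentials when the file sits under the web root, is not owned by the running user, or has any group/other permission bits set. The `load_db_config` name, the `key = value` file format, the `dsn`/`user`/`password` keys and the `/var/www/html` document root are assumptions.

```perl
# Added example, not from the thread: paths, keys and file format are assumed.
use strict;
use warnings;
use Cwd qw(realpath);
use Fcntl qw(:mode);
use File::Temp qw(tempdir);

sub load_db_config {
    my ($path, $doc_root) = @_;
    my $real = realpath($path) or die "config not found: $path\n";
    my $root = realpath($doc_root) // $doc_root;

    # The config must not be reachable through the web server.
    die "config lives under the document root\n"
        if index("$real/", "$root/") == 0;

    open my $fh, '<', $real or die "cannot open $real: $!\n";
    my @st = stat($fh) or die "cannot stat $real: $!\n";  # stat the handle, not the path

    # Regular file, owned by the effective user, no group/other permission bits.
    die "config is not a regular file\n" unless S_ISREG($st[2]);
    die "config is not owned by uid " . $> . "\n" unless $st[4] == $>;
    die sprintf("config mode %04o is too open\n", S_IMODE($st[2]))
        if S_IMODE($st[2]) & (S_IRWXG | S_IRWXO);

    my %cfg;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#.*)?$/;    # skip comments and blank lines
        my ($k, $v) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die "malformed line $. in config\n";
        $cfg{$k} = $v;
    }
    close $fh;
    defined $cfg{$_} or die "config is missing '$_'\n" for qw(dsn user password);
    return \%cfg;
}

# Constructed demo: sample config in a temp dir, loaded at 0600, rejected at 0644.
my $dir  = tempdir(CLEANUP => 1);
my $conf = "$dir/db.conf";
open my $out, '>', $conf or die "cannot write $conf: $!\n";
print {$out} "dsn = dbi:Pg:dbname=school\nuser = webapp\npassword = example-only\n";
close $out;
chmod 0600, $conf;
print "0600: loaded user ", load_db_config($conf, '/var/www/html')->{user}, "\n";
chmod 0644, $conf;
eval { load_db_config($conf, '/var/www/html'); 1 } or print "0644: rejected: $@";
```

The checks run against the already-opened file handle, so the file that was inspected is the same one that gets read.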

#3

graystar66

I need something a bit more solid than that. The website needs to be secure, as it will mostly be students using it. I can't have anybody able to break through, as the data on our servers will be very personal. For example, it will have student names, grade level, and what school they go to. I can't have information like that being easily accessed. Would something like Cloudflare help with the protection? The auth is simply to give the user the right level of access to the site. For example, faculty will have elevated permissions for some things that students would not have access to.


  • 0



#4

dubsickk

You can as well integrate a PHP framework and Perl. It will work as gold; otherwise you can try searching in forums like PerlMonks. They surely will answer you better than me, because I'm not a specialist in Perl. Sorry for my unfocused answer, but I think, as you mentioned, CloudFlare does support this kind of protection by making integrity checks. It will help you a lot, so do some research. I will do some as well, so we could get to the answer faster.

 

Best Regards,

dubsickk!


  • 0

#5

graystar66
Thank you very much for your help. Would you mind adding me on Skype? I feel as if you have a lot more experience than I do with scripting. I feel as if your input would be valuable to my project. PM me if you would like my Skype user.


  • 0



#6

Xerukai

You can as well integrate a PHP framework and Perl. It will work as gold; otherwise you can try searching in forums like PerlMonks. They surely will answer you better than me, because I'm not a specialist in Perl. Sorry for my unfocused answer, but I think, as you mentioned, CloudFlare does support this kind of protection by making integrity checks. It will help you a lot, so do some research. I will do some as well, so we could get to the answer faster.


  • -1

#7

graystar66
Downvoted for the shitpost mate 


  • 0
