Please help me in writing SWIG interface.
I want to open a database connection handle in C program. This handle must be passed to Perl, where I will use the Perl DB interface for interacting with the database. For security purposes we wanted to use this mechanism. I want to pass the database handle using SWIG interface.
Added:
We are using Perl infrastructure for our business needs. There are too many user accounts, database servers, that are spread across the firm. We wanted business passwords to be secured and wanted to allow only the privileged members. Earlier we have placed all the passwords in a text file and read from that. If we keep anywhere else, then they will be able to debug the Perl modules and find them. If we create a handle in C and give the same instead of returning password, that will be more helpful.
3 solutions
#1
3
The Perl DBI (DataBase Interface) does not make provision for passing an already-open database handle to the driver - the interface assumes that (DBI plus the relevant DataBase Driver or DBD::XyzDBMS module) will establish the connection. Therefore, at best, you are going to be writing the code to extend DBI to allow for this, and also extending the relevant DBD to support it, which is an altogether non-trivial exercise.
So, why do you think this is a good idea - what is the security benefit of doing things this way rather than just letting DBI handle the connection too?
Embedding the passwords in the application is the wrong way to go from so many points of view it is hard to know where to begin:
- Changing the password means recompiling and rereleasing the programs, so it will never happen.
- Everyone uses the same user name and password to connect to the database or web service, so you have no idea who is doing the connecting.
- The passwords will be discoverable in the object files - it is an odds-on bet that if an attacker is really concerned, they'll be able to find them.
- Etcetera.
'Security through obscurity' is not secure at all!
But that is what you are proposing to use.
Please get yourself some advice on how to write secure software from those who know. Or read some of the many excellent books on the subject.
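Answer #1's point that hard-coded passwords are discoverable in object files, as an added example that is not part of the original answer: a release check that walks an artifact's printable byte runs, as strings(1) does, and flags a known credential. The byte image, DSN, user name and password are constructed sample values, and `image_leaks_secret` is a hypothetical name.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a compiled client's bytes: binary noise around a
   hard-coded DSN, user and password. Every value here is made up. */
static const unsigned char sample_image[] =
    "\x7f" "ELF\x02\x01\x01\x00\x90\x90\xc3\x00"
    "dbi:Example:host=db1\x00" "app_user\x00" "S3cr3t-constructed\x00"
    "\x01\x02\xff\xfe";

/* Walks every run of >= min_len printable ASCII bytes (the heuristic
   strings(1) uses). Returns 1 if any run contains `secret`, else 0;
   *runs_out, if non-NULL, receives the number of runs seen. */
int image_leaks_secret(const unsigned char *buf, size_t n, size_t min_len,
                       const char *secret, size_t *runs_out)
{
    size_t start = 0, runs = 0, k = strlen(secret);
    int leaked = 0;
    for (size_t i = 0; i <= n; i++) {
        if (i < n && isprint(buf[i]))
            continue;                      /* still inside a printable run */
        size_t len = i - start;            /* run ended at a non-printable byte */
        if (len >= min_len) {
            runs++;
            for (size_t j = 0; k > 0 && j + k <= len; j++)
                if (memcmp(buf + start + j, secret, k) == 0) { leaked = 1; break; }
        }
        start = i + 1;                     /* next run begins after this byte */
    }
    if (runs_out)
        *runs_out = runs;
    return leaked;
}

int main(void)
{
    size_t runs = 0;
    int leaked = image_leaks_secret(sample_image, sizeof sample_image, 4,
                                    "S3cr3t-constructed", &runs);
    printf("%zu printable runs, secret present: %d\n", runs, leaked);
    return leaked;   /* nonzero exit lets a build pipeline reject the artifact */
}
```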
#2
1
Check out Inline::C as an alternative to (or a gentle wrapper around) SWIG. You will get going using C from Perl much faster than trying to learn how to use SWIG.
#3
-1
We are using Perl infrastructure for our business needs. There are too many user accounts, database servers, that are spread across the firm. We wanted business passwords to be secured and wanted to allow only the privileged members. Earlier we have placed all the passwords in a text file and read from that. If we keep anywhere else, then they will be able to debug the perl modules and find them. If we create a handle in C and give the same instead of returning password, that will be more helpful.