Ruby Student
2/6/2009 3:28:00 PM
On Fri, Feb 6, 2009 at 8:46 AM, Robert Klemme <shortcutter@googlemail.com> wrote:
> 2009/2/5 Ruby Student <ruby.student@gmail.com>
> >
> > On Thu, Feb 5, 2009 at 2:52 PM, Iñaki Baz Castillo <ibc@aliax.net> wrote:
> >
> > > On Thursday, 5 February 2009, Ruby Student wrote:
> > > > Hello Team,
> > > >
> > > > I have the need to encrypt/decrypt a one-word string. The encrypted
> > > > word will be saved in a file.
> > > > Later the word will be picked up from the file, decrypted at
> > > > execution time, and used as a UNIX password to perform a certain
> > > > function that requires authentication.
> > > > What Ruby facility is available for this simple function?
> > >
> > > The problem is:
> > > Even if the UNIX password is encrypted by the Ruby program, if an
> > > attacker can see the Ruby code it can know how to decrypt it.
>
> > You are correct. However, we are behind several firewalls.
> > Also, the file with the encrypted password will be placed within a
> > "secured" dir.
>
> Well... I'd rather do something different: set up ssh with ssh-agent
> so that you can do automated logins. Not sure whether that works with
> Ruby's Net::SSH but you can fork a SSH shell via system or IO.popen.
> Of course, in this scenario someone has to enter the passphrase
> once...
>
> My 0.02EUR
>
> Kind regards
>
> robert
>
>
> --
> remember.guy do |as, often| as.you_can - without end
>
>
Actually Robert, your idea might work. Let me give you the background:
We have two AIX (IBM flavor of UNIX) servers, s1 and s2 for argument's sake.
s1 is an application server, while s2 is a DB2 server.
There is an SQL utility on s2 which we need to trigger (run), and whose
execution will be initiated on s1 via ssh.
The Ruby utility running on s1 will eventually receive a return code from
the SQL utility running on s2 and will take appropriate action based on the
RC.
Now, to execute the SQL utility in the DB2 server, one has to use a
userid/pw which exists on DB2.
We want to encrypt the pw once, which a user will enter, and save it in a
file.
The Ruby utility will read that file and at execution time decipher the pw
and send the request.
We don't want to place an un-encrypted pw in a file, which is why I wanted a
cypher/decipher utility.
I found that crypt is a one-way encryption utility. In other words, I can
cypher but can't decipher with it.
Thanks to everyone for their input so far.
--
Ruby Student
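
The reversible "cypher/decipher" step asked about above, as an added example that is not part of the original thread: AES-256-GCM from Ruby's standard `openssl` library, with the key derived from a passphrase supplied at run time so that reading the script or the file is not enough to decrypt. The module name, field layout and iteration count are assumptions made for this sketch.

```ruby
require "openssl"

# Added example: helper names, field layout and iteration count are assumptions.
module SecretFile
  SALT_LEN = 16
  IV_LEN   = 12       # standard GCM nonce size
  TAG_LEN  = 16
  ITER     = 200_000  # PBKDF2 rounds (constructed value)

  # The key is derived from a passphrase supplied at run time, so neither the
  # script nor the file on disk contains what is needed to decrypt.
  def self.derive_key(passphrase, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(passphrase, salt, ITER, 32, OpenSSL::Digest.new("SHA256"))
  end

  # Returns one base64 line: salt | iv | tag | ciphertext.
  def self.seal(plaintext, passphrase)
    salt = OpenSSL::Random.random_bytes(SALT_LEN)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = derive_key(passphrase, salt)
    iv = cipher.random_iv
    cipher.auth_data = ""
    ct = cipher.update(plaintext) + cipher.final
    [salt + iv + cipher.auth_tag + ct].pack("m0")
  end

  # Returns the plaintext, or nil if the passphrase is wrong, the file
  # content was modified (GCM tag check fails), or the blob is malformed.
  def self.unseal(blob, passphrase)
    raw = blob.unpack1("m0")
    return nil if raw.bytesize <= SALT_LEN + IV_LEN + TAG_LEN
    salt = raw[0, SALT_LEN]
    iv   = raw[SALT_LEN, IV_LEN]
    tag  = raw[SALT_LEN + IV_LEN, TAG_LEN]
    ct   = raw[(SALT_LEN + IV_LEN + TAG_LEN)..-1]
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = derive_key(passphrase, salt)
    cipher.iv = iv
    cipher.auth_tag = tag
    cipher.auth_data = ""
    (cipher.update(ct) + cipher.final).force_encoding("UTF-8")
  rescue OpenSSL::Cipher::CipherError, ArgumentError
    nil
  end
end
```

If the passphrase is instead written into the script or stored beside the file, the objection raised earlier in the thread applies unchanged.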