DBIx-PasswordIniFile

 view release on metacpan or  search on metacpan

PasswordIniFile.pm  view on Meta::CPAN

package DBIx::PasswordIniFile;

use strict;
use vars qw($VERSION $AUTOLOAD);

$VERSION = '2.00';

use DBI();
use Config::IniFiles;
use Crypt::CBC;       # Requires Crypt::Blowfish
use File::HomeDir;

my %connect_cache;

=head1 NAME

DBIx::PasswordIniFile - Manages DBI connections with password and other params stored in a C<.ini> style file.

=head1 SYNOPSIS

    use DBIx::PasswordIniFile;
    $conn = DBIx::PasswordIniFile->new( 
              -file    => 'path/to/config.ini',
              -section => 'database connection',
              -key     => 'encrypt and decrypt key',
              -cipher  => 'Blowfish'
    );

    $ary = $conn->getDBIConnectParams();
    $dbh = DBI->connect( @$ary ) or die $DBI::errstr;
    
    $encrypted_passw = $conn->changePassword('new_password');
    
    $encrypted = $conn->encryptPassword( 'clear_password' );
    $clear     = $conn->decryptPassword( $encrypted );
    
    
    # THIS METHODS ARE DEPRECATED:
    
    $conn->connect( \%attributes ); # or
    $conn->connect(); 

    $conn->connectCached( \%attributes ); # or
    $conn->connectCached();

    $conn = DBIx::PasswordIniFile->getCachedConnection( 'path/to/file.ini' );

    $hash_ref = DBIx::PasswordIniFile->getCache();

    $dbh = $conn->dbh();

=head1 DESCRIPTION

Manages DBI connection parameters stored in a C<.ini> style configuration file 
(really a C<Config::IniFiles> config file), with B<password stored 
encrypted>.

This module allows you to store L<DBI> C<connect> params in a C<.ini> style
configuration file, with password encrypted. C<.ini> configuration files are 
plain text files managed with C<Config::IniFiles> module. Once written, there 
is a command line utility called C<encpassw.pl> that re-writes the C<.ini> file,
encrypting the password. The same may be done programatically, calling 
C<changePassword> .

This module is similar to C<DBIx::Password>. The differences are that
DBI connection parameters aren't stored as part of the module source
code (but in an external C<.ini> style file), and that this module lets
you only one virtual user (i.e. one connection specification) per C<.ini> file. 

(THIS IS DEPRECATED) Like <DBIx::Password>, this is a subclass of DBI, so you

PasswordIniFile.pm  view on Meta::CPAN

  $encrypted_passw = $conn->changePassword('new_clear_password')>

Replaces the encrypted password stored in C<.ini> file with the result of
encrypting C<new_clear_password> password (so, C<new_clear_password> is the new
password in clear form).

Returns the new encrypted password saved in C<.ini> file.

=cut

sub changePassword
{
    my $self = shift;
    my $pass = shift;

    my $encrypt_pass = $self->encryptPassword($pass);

    my $param;
    my $cfg = $self->{config_};
    
    $param = undef;
    $param = 'password' if $cfg->exists($self->{section_},'password') ;
    $param = 'pass' if $cfg->exists($self->{section_},'pass') ;
    
    if( ! $param )
    {
      # Not specified. Guess pass or password  
      # With old content model for .ini file, 'driver' param was mandatory,
      # and with new content model, this param does't exist.
      # So, existence or not existence of this param determines content model.
      #
      $param = ( $cfg->exists($self->{section_},'driver') 
                 ? 'password' 
                 : 'pass');
      $cfg->newval( $self->{section_}, $param, $encrypt_pass );
    }
    else
    {       
      $cfg->setval($self->{section_}, $param, $encrypt_pass);
    }
    
    $cfg->RewriteConfig();
    $cfg->ReadConfig();
            
    return $encrypt_pass;
}

=head2 encryptPassword

    $encrypted_password = $conn->encryptPassword( $clear_password );
    
Encrypts a clear password.

=cut

sub encryptPassword
{
    my $self = shift;
    my $pass = shift;
  
    my $cipher = Crypt::CBC->new( {'key'             => $self->{key_},
                                   'cipher'          => $self->{cipher_}
                                  });
    $cipher->start('Encript');
    my $ciphertext = $cipher->encrypt_hex($pass);
    $cipher->finish();
    
    return $ciphertext;
}

=head2 decryptPassword

    $clear_password = $conn->decryptPassword( $encrypted_password );
    
Decrypts an encrypted password.

=cut

sub decryptPassword
{
    my $self = shift;
    my $pass = shift;
  
    my $cipher = Crypt::CBC->new( {'key'             => $self->{key_},
                                   'cipher'          => $self->{cipher_}
                                  });
    $cipher->start('Decript');
    my $plaintext = $cipher->decrypt_hex($pass);
    $cipher->finish();
    
    return $plaintext;
}


=head2 C<$conn-E<gt>connect( [\%attributes] )>  (DEPRECATED)

Calls C<DBI-E<gt>connect> with values stored in C<.ini> file specified in 
C<new>. C<\%attributes> refers to last parameter of C<DBI-E<gt>connect>.

If specified, C<\%attributes> take precedence over any conflicting stored in
C<..._attributes> section of C<.ini> file.

=cut

sub connect
{
    my($self,$options) = @_;

    my @params = @{$self->getConnectParams_()};
    $params[-1] = { %{$params[-1]}, %$options } if $options && @params == 4;
    $params[3]  = $options if $options && @params == 3;
    $self->{dbh_} = DBI->connect( @params );

    return $self->{dbh_};
}

=head2 C<$conn-E<gt>connectCached( [\%attributes] )>  (DEPRECATED)

Same as C<connect>, but caches a copy of C<$conn> object.

Cached objects may be retrieved with L<C<getCachedConnection>>.

=cut

sub connectCached
{

    my($self,$options) = @_;
 
    my @params = @{$self->getConnectParams_()};
    $params[-1] = { %{$params[-1]}, %$options } if $options && @params == 4;
    $params[3]  = $options if $options && @params == 3;
    $self->{dbh_} = DBI->connect( @params );

    $connect_cache{$self} = $self;

    return $self->{dbh_};
}

=head2 C<$conn = DBIx::PasswordIniFile-E<gt>getCachedConnection( 'path/to/file.ini' )> (DEPRECATED)

Returns a valid C<DBIx::PasswordIniFile> object corresponding to the C<.ini>
file argument, if its C<connectCached> was launched. Or returns C<undef> if argument
doesn't correspond to a cached connection.

PasswordIniFile.pm  view on Meta::CPAN

    password
    dsn

If C<driver=ODBC> then C<dsn>, C<username> and C<password> are mandatory, and
all other parameters are ignored.
If C<driver> isn't ODBC, then all parameters except C<database>, C<username>
and C<password> are optional.

Also, if attributes for connection have to be specified, specify them as 
parameters of another section with same name and C<_attributes> at the end.
For example, if your C<.ini> file has a C<connect> section, connection
attributes (if specified) are assumed to be in C<connection_attributes>
section. If has a C<virtual user> section, attributes are assumed to be
in C<virtual user_attributes>, and so on.

Properties/Values in C<..._attributes> section aren't predefined and are used
as key/value pairs for C<\%attr> argument when DBI C<connect> method is
called.

All propertie values are stored as plain text in C<.ini> file, except
C<password> value, that is stored encrypted using an encription
algorithm (default is Blowfish_PP).

Below is an example of C<.ini> file content:

    [db_config_section]
    driver=mysql
    database=suppliers
    host=www.freesql.org
    port=3306
    username=ecastilla
    password=52616e646f6d495621c18a03330fee46600ace348beeec28
  
    [db_config_section_attributes]
    PrintError=1
    RaiseError=0
    AutoCommit=1

This is an example owith ODBC:

    [db_config_section]
    driver=ODBC
    dsn=FreeSQL

=back

Other sections and properties of the C<.ini> file are ignored, and do not
cause any undesired effect. This lets you use non dedicated C<.ini> files
for storing DBI connection parameters.

=head2 DEFAULT_KEY file

When installed, a C<DEFAULT_KEY> (NO dot prefixed) file is created at the same
directory of C<PasswordIniFile.pm>. It stores a default key used when no C<-key> 
argument is specified in C<new> .

You may override this file creating your own C<.DEFAULT_KEY> (note dot prefixed)
file at your home directory.

In either case, content of this files is ONE line with a string used as key for
C<Crypt::CBC> algorithm.

=head1 SECURITY CONSIDERATIONS

In C<.ini> file, password is stored encrypted, and never in clear form. But note
that the mechanism is not completely secured because passwords are stored clear
in memory. A hack may do a memory dump and see the password.

Although with this limitation, I think the module is a good balance between security
and simplicity.

=head1 REQUISITES

Perl v5.8.6 or above has to be installed. If not, an error

   Free to wrong pool XXX not YYY during global destruction

is displayed, and Perl crashes.

An encription module has to be installed. Default is to use
C<Crypt::Blowfish> for encription and decription. If not installed Blowfish, 
specify your preferred (without C<Crypt::> prefix).

=head1 SEE ALSO

There is an utility called L<encpassw.pl> that takes a C<.ini> file
and replaces the C<pass/password> param value with its encrypted form.
 
L<DBI>, L<Config::IniFiles>, L<DBIx::Password>.

=head1 COPYRIGHT AND LICENSE

Copyright 2005-2008 Enrique Castilla.

This library is free software; you can redistribute it and/or modify it under
the same terms as Perl itself. 

This program is distributed in the hope that it will be useful, but without any 
warranty; without even the implied warranty of merchantability or fitness for a 
particular purpose. 

=head1 AUTHOR

Enrique Castilla E<lt>L<mailto:ecastillacontreras@yahoo.es|ecastillacontreras@yahoo.es>E<gt>.