Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

running perls scripts from mysql

0 views
Skip to first unread message

Nene

unread,
Oct 30, 2009, 7:58:28 AM10/30/09
to
Hi,

I would like to store perl scripts in tables in mysql. So that when
someone clicks on a button on a web page, it will run the query on
that button to remove nodes in and out of the load balancers which is
a perl script. This perl script telnets into the appliance. Will
someone provide a command or keyword so that I can search
dev.mysql.com. The perl scripts has sensitive username/ passwords so
that by storing it in tables, will make it less hackable. Thanks in
advance.

johannes keßler

unread,
Oct 30, 2009, 8:15:46 AM10/30/09
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

well this can not be done with mysql, the programming language if you choice
could to the trick.
eg. the one which runs the web page.

regards,
johannes keßler
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (GNU/Linux)

iEYEARECAAYFAkrq2PIACgkQE++2Zdc7Etex9wCeP8OcfA/b0Jh9KJ/qj75infO7
iwIAoIBS/Wt8BWbabG3t2w1IEmmRz5YV
=plq6
-----END PGP SIGNATURE-----

The Natural Philosopher

unread,
Oct 30, 2009, 8:39:06 AM10/30/09
to
johannes keßler wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Nene wrote:
>> Hi,
>>
>> I would like to store perl scripts in tables in mysql. So that when
>> someone clicks on a button on a web page, it will run the query on
>> that button to remove nodes in and out of the load balancers which is
>> a perl script. This perl script telnets into the appliance. Will
>> someone provide a command or keyword so that I can search
>> dev.mysql.com. The perl scripts has sensitive username/ passwords so
>> that by storing it in tables, will make it less hackable. Thanks in
>> advance.
>
> Hello,
>
> well this can not be done with mysql, the programming language if you choice
> could to the trick.
> eg. the one which runs the web page.
>

Exactly. In principle

use sql to retrieve the script to a temporary file

use a shell/system type command to make it executable, and to execute
it. And to delete it.


pass any data it generates back to web user if needed or program for
processing

....

Jerry Stuckle

unread,
Oct 30, 2009, 9:10:09 AM10/30/09
to

Storing in a file (even a temporary one) is unnecessary overhead and can
create the very security exposure they are trying to prevent.

But then it's also a typical stoopid TNP suggestion.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstu...@attglobal.net
==================

toby

unread,
Oct 30, 2009, 9:47:57 AM10/30/09
to

Is that a faulty premise, or a faulty conclusion? Either way, this
design sounds absurd. What problem are you really trying to solve?

> Thanks in
> advance.

The Natural Philosopher

unread,
Oct 30, 2009, 9:59:38 AM10/30/09
to
Jerry Stuckle wrote:
> The Natural Philosopher wrote:
Note no alternative is suggested by the Stucklehead.

Peter H. Coffin

unread,
Oct 30, 2009, 12:12:42 PM10/30/09
to

*shrug* That's because "pipe query output straight into perl so there's
no intermediary file lying around for someone to examine or change"
seems pretty ... well, obvious. Isn't it?

--
It's possible there had been armed autonomous droids at some point in the past,
and one can almost imagine past issues of that galaxy's Risks Digest.
-- Anthony DeBoer, on SW: TPM

The Natural Philosopher

unread,
Oct 30, 2009, 1:57:57 PM10/30/09
to
Peter H. Coffin wrote:
> On Fri, 30 Oct 2009 13:59:38 +0000, The Natural Philosopher wrote:
>
>> Jerry Stuckle wrote:
>>
>>> The Natural Philosopher wrote:
>>>
>>>> use a shell/system type command to make it executable, and to
>>>> execute it. And to delete it.
>>>>
>>>>
>>>> pass any data it generates back to web user if needed or program for
>>>> processing
>>>>
>>>> ....
>>> Storing in a file (even a temporary one) is unnecessary overhead and
>>> can create the very security exposure they are trying to prevent.
>>>
>>> But then it's also a typical stoopid TNP suggestion.
>> Note no alternative is suggested by the Stucklehead.
>
> *shrug* That's because "pipe query output straight into perl so there's
> no intermediary file lying around for someone to examine or change"
> seems pretty ... well, obvious. Isn't it?
>
depends on what is actually running the query.

Peter H. Coffin

unread,
Oct 30, 2009, 3:35:59 PM10/30/09
to

No it doesn't. The pipe option is still obvious. EVERY supported OS that
has mysql connectors also supports piping, at least at the level that
perl is executed.

--
45. I will make sure I have a clear understanding of who is responsible for
what in my organization. For example, if my general screws up I will not
draw my weapon, point it at him, say "And here is the price for failure,"
then suddenly turn and kill some random underling. --Evil Overlord List

Jerry Stuckle

unread,
Oct 30, 2009, 4:41:24 PM10/30/09
to

Nope, because it's off topic in this newsgroup. And also, as Peter
indicated, the answer is obvious.

He needs to be in a Perl newsgroup as was hinted at by johannes.

0 new messages