topic Re: Perl and FTP in Operating System - HP-UX

Perl and FTP

rccmum — Mon, 15 Sep 2008 18:12:12 GMT

I am writing a perl script and using Net:FTP module.

I was wondering if there is away I can have the script detect the file type ( Binary or ASCII) automatically?

I am putting the FTP server login in credentials in the script. Is there any way to hide/encrypt the password field?

Is there any way to encrypt a perl script so if someone wants to open it for read will ask some password however the script is executable anyway?

Thanks in advance.

Re: Perl and FTP

H.Merijn Brand (procura — Mon, 15 Sep 2008 19:41:10 GMT

Yes, using ~/.netrc and Net::Netrc

--8<---
use Net::FTP;
use Net::Netrc;

my ($host, $u, $p) = ("some.host.com", "username");
if (my $machine = Net::Netrc->lookup ($host)) {
($u, $p) = $machine->lpa;
}

my $ftp = Net::FTP->new ($host, Passive => 1) or die "Connect failed: $@";
$ftp->login ($u, $p) or die "login: " .$ftp->message;
$ftp->binary or die "binary: " .$ftp->messgae;
-->8---

Enjoy, Have FUN! H.Merijn

Re: Perl and FTP

Bill Hassell — Tue, 16 Sep 2008 01:32:49 GMT

> I was wondering if there is away I can have the script detect the file type ( Binary or ASCII) automatically?

There isn't any method to detect ASCII except to guess. The problem is that BINARY is an ftp protocol that simply sends exactly what is on the source and stores it the same way on the destination. An ASCII transfer is much more complicated to accommodate the myriad of differences between OS file formats. In the code, the source file is read one record at a time with the record defined by the source system. This record is sent with length information so that that receiving side can add whatever special code(s) are needed to form an "ASCII" file on the destination system. Mainframes have dozens of specialized formats so ASCII can be quite useful in transferring text files.

But the definition of an ASCII file, especially in Unix is quite convoluted. A Postscript file is ASCII but technically, a PCL file is mostly ASCII with escape sequences. An awk or Perl script is ASCII but a library file or executable is binary but of dubious value on another system. So the decision must be made based on the purpose and usage of the file.

> credentials in the script

Why worry about it? Anyone can sniff the network and see the plain text login and password. That's why ftp is deprecated for secure data transmissions or at least limited to FTP-only chroot accounts.

If you have no choice in FTP, consider using $HOME/.netrc to hide the login/password outside the script. This is only a trivial mechanism because the script must be run by the user with the $HOME/.netrc file.

The ideal method is scp or sftp using public key exchange. In this way, no user or password is visible during the negotiation and the data is protected.

Re: Perl and FTP

rccmum — Tue, 30 Sep 2008 01:57:46 GMT

Thank you both of you for your responses and time.

Any comment on the encrypting a perl script?

Thanks again for your help.

Re: Perl and FTP

James R. Ferguson — Tue, 30 Sep 2008 10:45:27 GMT

Hi:

> Is there any way to encrypt a perl script so if someone wants to open it for read will ask some password however the script is executable anyway?

By using the Net::Netrc module you don't have a plaintext password in the Perl script itself, so there is no danger in seeing the script's contents.

In lieu of FTP, you could easily change to SFTP using Perl's Net::SFTP::Foreign module. Fetch it and read its documentation here:

http://search.cpan.org/~salva/Net-SFTP-Foreign-1.43/lib/Net/SFTP/Foreign.pm

Regards!

...JRF...