Please help me in writing a SWIG interface.

I want to open a database connection handle in a C program. This handle must be passed to Perl, where I will use the Perl DB interface for interacting with the database. For security purposes we wanted to use this mechanism. I want to pass the database handle using a SWIG interface.


Added:

We are using Perl infrastructure for our business needs. There are too many user accounts and database servers that are spread across the firm. We wanted business passwords to be secured and wanted to allow only the privileged members. Earlier we placed all the passwords in a text file and read from that. If we keep them anywhere else, then they will be able to debug the Perl modules and find them. If we create a handle in C and give the same instead of returning the password, that will be more helpful.

+3  A: 

The Perl DBI (DataBase Interface) does not make provision for passing an already-open database handle to the driver - the interface assumes that (DBI plus the relevant DataBase Driver or DBD::XyzDBMS module) will establish the connection. Therefore, at best, you are going to be writing the code to extend DBI to allow for this, and also extending the relevant DBD to support it, which is an altogether non-trivial exercise.

So, why do you think this is a good idea - what is the security benefit of doing things this way rather than just letting DBI handle the connection too?


Embedding the passwords in the application is the wrong way to go from so many points of view it is hard to know where to begin:

  • Changing the password means recompiling and rereleasing the programs, so it will never happen.
  • Everyone uses the same user name and password to connect to the database or web service, so you have no idea who is doing the connecting.
  • The passwords will be discoverable in the object files - it is an odds-on bet that if an attacker is really concerned, they'll be able to find them.
  • Etcetera.

'Security through obscurity' is not secure at all!

But that is what you are proposing to use.

Please get yourself some advice on how to write secure software from those who know. Or read some of the many excellent books on the subject.

Jonathan Leffler
While certainly not exactly an easy solution, maybe it's easier the other way around: Let DBI create the connection and try to get at the C-level handler afterwards. But this just reeks of "bad idea, don't do that".
tsee
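The answer's point that passwords "will be discoverable in the object files" can be checked without source code or a debugger. The following is an added example, not code from this thread: it runs the same printable-run scan that strings(1) performs over a constructed byte buffer standing in for a compiled object file; the buffer contents, the connection string, the account name and the password in it are all made up for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample, not a real binary: string literals sit in an object
 * file's read-only data as plain NUL-terminated bytes between machine code. */
static const unsigned char sample_object[] =
    "\x7f" "ELF\x02\x01\x01\x00\x00\x00\x55\x48\x89\xe5\x00"
    "dbi:Example:host=db01\x00"
    "app_user\x00"
    "S3cr3t-constructed\x00"
    "\xc3\x90\x90\x00";

/* Scan buf for runs of at least min_len printable ASCII bytes.
 * Returns the number of runs containing needle (all runs if needle is NULL);
 * with verbose set, prints each counted run and its offset. */
static int find_strings(const unsigned char *buf, size_t len, size_t min_len,
                        const char *needle, int verbose)
{
    size_t nlen = needle ? strlen(needle) : 0;
    size_t start = 0;
    int count = 0;

    for (size_t i = 0; i <= len; i++) {
        if (i < len && isprint(buf[i]))
            continue;                       /* still inside a printable run */
        size_t run = i - start;             /* run ended at i (or at EOF) */
        if (run >= min_len) {
            int match = (needle == NULL);
            for (size_t j = start; needle && !match && j + nlen <= i; j++)
                match = memcmp(buf + j, needle, nlen) == 0;
            if (match) {
                count++;
                if (verbose)
                    printf("offset %4zu: %.*s\n", start, (int)run,
                           (const char *)buf + start);
            }
        }
        start = i + 1;                      /* next run starts after this byte */
    }
    return count;
}

int main(void)
{
    /* Only the file's bytes are needed to recover every embedded literal. */
    int n = find_strings(sample_object, sizeof sample_object, 4, NULL, 1);
    printf("%d strings recovered\n", n);
    return 0;
}
```

Run as a release check with the real secret as `needle`, a non-zero return means the credential is sitting in the artifact in recoverable form.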
A: 

We are using Perl infrastructure for our business needs. There are too many user accounts and database servers that are spread across the firm. We wanted business passwords to be secured and wanted to allow only the privileged members. Earlier we placed all the passwords in a text file and read from that. If we keep them anywhere else, then they will be able to debug the Perl modules and find them. If we create a handle in C and give the same instead of returning the password, that will be more helpful.

Vasudeva
In future, please edit your question rather than adding an 'answer' to explain where you are coming from. I will transfer the information for you this time. Now, please delete this answer.
Jonathan Leffler
A: 

Check out Inline::C as an alternative to (or a gentle wrapper around) SWIG. You will get going using C from Perl much faster than trying to learn how to use SWIG.

mobrule