Question : encryption within script
I want to use a Perl script to log on to a website. My server is not local and I would prefer a script that does not contain my username/password in plain text. This may be a silly question, but is there any way to do this without leaving them (any possible intruder) some way to get my password?
I want something like this:
$username = '$#@%&%^';
$password = '&^$#^!&$%';
Answer : encryption within script
crypt($password,$salt) will encrypt your $password and use $salt to basically randomize the encryption. $salt can be any string. There is no decrypt function so you can only do this one way. In order to compare your input $pass from your website prompt with your stored encrypted $password, you would simply do this:
# $password holds the stored crypt() output; $pass is the password just submitted
if (crypt($pass, $salt) eq $password) { print "password correct"; }
This way your password is encrypted on your server. To protect the plain-text query, use SSL. That combination should make both server-side storage and transit secure.
You also need to think about client-side storage. Web browsers save POSTed information, so someone could simply BACK up to the point where you posted and rePOST. In this case, you should probably use a two-tier query/comparison. Ask for username/password on first page, give a sessionID, and ask for the password again on the following page. This way, if you expire the sessionIDs after a short time, there will be no way to rePOST that info and get through to the site. But this is only necessary if you want to cover ALL of your bases, and is generally not used because the only ones able to get at your info this way are those who have access to machines used by authorized site users.
Hopefully that is a comprehensive answer to your question.
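A fuller version of the crypt() store-and-compare check described in the answer, as an added example that is not part of the original answer: it goes beyond the fixed $salt by drawing a random salt per password and by passing the stored hash back in as the salt argument when checking. The helper names, the '$6$' (SHA-512 crypt) prefix, the use of /dev/urandom and the sample passwords are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The 64 characters allowed in a crypt(3) salt.
my @SALT_CHARS = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');

# Random per-password salt. The '$6$' prefix (SHA-512 crypt) is an assumption
# about the platform's crypt(3); reading /dev/urandom assumes a Unix-like host.
sub make_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from /dev/urandom";
    close $fh;
    return '$6$' . join('', map { $SALT_CHARS[ord($_) % 64] } split //, $buf) . '$';
}

# Hash a new password; only the returned string is stored on the server.
sub hash_password {
    my ($plain) = @_;
    my $hash = crypt($plain, make_salt());
    die "crypt() here does not support the \$6\$ format\n"
        unless defined $hash && $hash =~ /^\$6\$/;
    return $hash;
}

# Check a login attempt. Passing the stored hash as the salt argument makes
# crypt() reuse the scheme and salt embedded in it.
sub check_password {
    my ($attempt, $stored) = @_;
    return 0 unless defined $stored && length $stored;
    my $candidate = crypt($attempt, $stored);
    return 0 unless defined $candidate && length($candidate) == length($stored);
    my $diff = 0;    # accumulate differences instead of stopping at the first
    $diff |= ord(substr($candidate, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($stored) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample values, for illustration only.
my $stored = hash_password('correct horse battery staple');
print "stored: $stored\n";
for my $try ('correct horse battery staple', 'correct horse battery stapler') {
    printf "%-32s %s\n", "'$try'", check_password($try, $stored) ? 'accepted' : 'rejected';
}
```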