in reply to RFC: SecureString - Obfuscated / masked strings exept when you need them
One question: what about Data::Dumper and friends? Sure what you've done is interesting, but if a password is part of a structure or object which gets dumped, you're no further ahead. I'd suggest storing the value as sub { $value }. At least it won't be so obvious then. Otherwise, I like it.
Oh yes. Also I don't think that the default obfusticator ought to use the length of the value in the masked string as that leaks information, i.e. the length of the value.
And I prefer Text::Masked
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^2: RFC: SecureString - Obfuscated / masked strings exept when you need them
by duelafn (Parson) on Jul 22, 2011 at 18:04 UTC |
In Section
Meditations