Re^2: use of already eval()ed module (from string)

Replies are listed 'Best First'.
Re^3: use of already eval()ed module (from string) by LanX (Saint) on Jan 08, 2019 at 22:23 UTC
I'm afraid you are missing the point here. But as long as you're happy, it's OK for me. :) Cheers Rolf _{(addicted to the Perl Programming Language :) Wikisyntax for the Monastery FootballPerl is like chess, only without the dice}	[reply]
Re^4: use of already eval()ed module (from string) by bliako (Monsignor) on Jan 09, 2019 at 10:29 UTC
LanX, I think I got the point but please correct me if not: install the hook in @INC to read any `require`d module via a network transfer or even from an array of strings each representing a module. do not eval any module at all. Instead eval the executable/test script. For each of its required modules, if not found in @INC will eventually reach the hook sub and get it to load. in this way only required modules are eval'ed, the rest wait either in the array of strings (as is the case with me) or at the server if via network. All this is nice but I omitted one detail: The module files read are encrypted. The user supplies a password at runtime in order to be able to load them. So, with this detail, the trilemma is: use the password to decrypt all the modules at once, destroy the password-var, keep the modules in-memory-waiting for the hook to load them whenever needed. Modules stay in the array of strings as plaintext, for the sake of destroying the password-var and also not statically bundling the app with lots of modules. store the password in the hook to decrypt module-strings whenever requested. This is the dynamic bundling so-to-speak but with the danger that the password remains in memory for the time of the execution. do not use a hook, but decrypt the modules at once, destroy the password, eval ALL the modules (static bundling) before executing the test script, destroy all plaintext module strings - essentially within a a few (critical) seconds. The last option minimises the danger of memory-dumping the password and the plaintext module strings but does eval all the modules at once (they may not be needed) and then executes the script. The up-side is that modules now reside in the perl interpreter and memory-dumping that will take significantly more effort than memory-dumping a plaintext string variable. So, I am good+genki with 3rd option (Update: I believe...), thanks, bliako	[reply] [d/l]
Re^5: use of already eval()ed module (from string) by LanX (Saint) on Jan 09, 2019 at 11:57 UTC
The more modules are to be required dynamically the more a @INC hook approach is recommended, because otherwise timing could cause weird side effects . Regarding your new "encryption" requirement, well good luck... You seem to believe compiling Perl code makes it unreadable, but I can instantly think of at least three different approaches to deparse op-trees held in memory. Personally I'd leave the decryption to the hook. If you are afraid that the decryption key could be read from memory, switch to a algorithm which encrypts the key. Since your approach is based on secure op-trees, this would be "safe" too. (read: not any more unsafe) Cheers Rolf _{(addicted to the Perl Programming Language :) Wikisyntax for the Monastery FootballPerl is like chess, only without the dice}	[reply]
Re^6: use of already eval()ed module (from string) by bliako (Monsignor) on Jan 14, 2019 at 16:50 UTC
Re^7: use of already eval()ed module (from string) by afoken (Chancellor) on Jan 15, 2019 at 07:57 UTC
Some notes below your chosen depth have not been shown here
Re^7: use of already eval()ed module (from string) by kschwab (Vicar) on Jan 14, 2019 at 20:10 UTC
Re^7: use of already eval()ed module (from string) by LanX (Saint) on Jan 14, 2019 at 20:51 UTC
Some notes below your chosen depth have not been shown here


Come for the quick hacks, stay for the epiphanies.
	PerlMonks