PerlMonks
secure storage

by wertert (Sexton)
on Nov 23, 2001 at 15:59 UTC [id://127099]

wertert has asked for the wisdom of the Perl Monks concerning the following question:

I've done a few searches and haven't had any luck as yet. I am writing a bit of monitoring software that loads its rules in from a file on disk. The rules are made up of regex patterns and functions which are eval'd and called when needed. I use storable.pl to save and retrieve this rule file. The only problem is that if I view the file on disk I can basically see all the contents. I need a way of encrypting the file on the disk and decrypting it as I read it in using Storable. What I would really like is a way of pre-compiling the functions within the rule file so that the native Perl code is never actually seen, even by the running script. Something, I fear, that is beyond my brain at the moment... any ideas?

Re: secure storage
by ask (Pilgrim) on Nov 23, 2001 at 16:02 UTC
    If people can read your script they can also trivially read the rule file no matter how you encrypt it.

    What are your goals? What security issues are you trying to deal with? It's easier to help if you tell about what you are trying to do instead of how you would like to do it. :-)

     - ask

    -- 
    ask bjoern hansen, http://ask.netcetera.dk/   !try; do();
    
      That's not true. If the file is encrypted using a password that must be given to the script by the user when the script is started up, then the password information is stored only in RAM, not in any place someone reading the script or the rules file can get to as easily. I'm sure it's possible to find it in the RAM, but I think a password approach manages the risk of a more casual reader getting at the file quite well. If the script is such that it must be started and stopped frequently (like a non-mod_perl CGI), then this approach becomes less attractive.
      This is true - anyone with basic Perl knowledge can look at the script and work out how to pull out the original info. I am not after total security but only want to stop anyone cat'ing out the file. Other ideas I have had are using perlapp (ActivePerl) to produce a stand-alone executable and embedding the rule file within the script, or running the whole thing from a web server so the script in question is not directly accessible (other than by the webmaster). Thanks for your reply.
        You still didn't tell us what it really is that you are trying to do. ;-)

        If you just want a bit of obfuscation, maybe a simple tr/// before you save and after you read the file could do.

         - ask

        -- 
        ask bjoern hansen, http://ask.netcetera.dk/   !try; do();
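The passphrase-at-startup approach discussed in this subthread, as an added example that is not part of the original thread: the Storable image of the rule set is encrypted with a key derived from a passphrase the operator supplies when the monitor starts, so neither the script nor the file on disk contains the key, and the file is authenticated so a modified rule file is rejected before thaw() runs. It assumes the CryptX distribution (Crypt::KeyDerivation, Crypt::AuthEnc::GCM, Crypt::PRNG) is installed; the file name rules.bin, the environment variable RULES_PASSPHRASE and the sample rules are constructed for the demo.

```perl
#!/usr/bin/perl
# Added example (not from the thread): keep the rule file encrypted on disk,
# with the key derived from a passphrase given at start-up. Assumes CryptX is
# installed; Storable is core Perl. rules.bin / RULES_PASSPHRASE are made up.
use strict;
use warnings;
use Storable qw(freeze thaw);
use Crypt::KeyDerivation qw(pbkdf2);
use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate gcm_decrypt_verify);
use Crypt::PRNG qw(random_bytes);

my $PBKDF2_ITERS = 200_000;

# Seal a Perl data structure into one byte string:
#   salt(16) || nonce(12) || tag(16) || ciphertext
sub seal_rules {
    my ($rules, $passphrase) = @_;
    my $salt  = random_bytes(16);
    my $nonce = random_bytes(12);
    my $key   = pbkdf2($passphrase, $salt, $PBKDF2_ITERS, 'SHA256', 32);
    my ($ct, $tag) = gcm_encrypt_authenticate('AES', $key, $nonce, '', freeze($rules));
    return $salt . $nonce . $tag . $ct;
}

# Reverse of seal_rules. Returns undef if the passphrase is wrong or the
# file was modified: the GCM tag check fails before thaw() sees the bytes.
sub open_rules {
    my ($blob, $passphrase) = @_;
    return undef if length($blob) < 44;
    my ($salt, $nonce, $tag, $ct) = unpack 'a16 a12 a16 a*', $blob;
    my $key = pbkdf2($passphrase, $salt, $PBKDF2_ITERS, 'SHA256', 32);
    my $pt  = gcm_decrypt_verify('AES', $key, $nonce, '', $ct, $tag);
    return defined $pt ? thaw($pt) : undef;
}

# Constructed sample rule set: patterns and action names only, nothing to eval.
my $rules = {
    failed_login => { pattern => 'Failed password for .* from (\S+)', action => 'alert' },
    root_login   => { pattern => 'session opened for user root',      action => 'page'  },
};

# In production prompt for this (or read it from a tty) at start-up instead.
my $pass = $ENV{RULES_PASSPHRASE} // 'correct horse battery staple';   # demo only

my $blob = seal_rules($rules, $pass);
open my $fh, '>:raw', 'rules.bin' or die "rules.bin: $!";
print {$fh} $blob;
close $fh;
chmod 0600, 'rules.bin';

# Read the file back the way the monitor would at start-up.
open $fh, '<:raw', 'rules.bin' or die "rules.bin: $!";
my $stored = do { local $/; <$fh> };
close $fh;

my $loaded = open_rules($stored, $pass)
    or die "bad passphrase or tampered rule file\n";
print "$_: /$loaded->{$_}{pattern}/ -> $loaded->{$_}{action}\n" for sort keys %$loaded;

# Flipping one ciphertext byte is detected instead of being silently thawed.
substr($stored, -1) ^= "\x01";
print defined open_rules($stored, $pass) ? "tamper NOT detected\n" : "tamper detected\n";
```

As the reply above notes, this only works for a long-running process: a CGI that is re-executed on every request would have to be given the passphrase every time, or would have to store it somewhere on disk, which puts you back where you started.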
        
Re: secure storage
by tachyon (Chancellor) on Nov 23, 2001 at 17:00 UTC

    First, eval is a dangerous function to be using, as a modification of one of the eval'd expressions could be, ahem... interesting. Instead, why not have all your rules (regex pattern or not) wrapped in accessor methods in a file called, say, rules.pl:

    package Rules;
    sub rule1 { shift =~ m/some_pattern/; }
    1;   # a require'd file must return a true value

    This will return true or false depending on whether the passed argument matches /some_pattern/. You use it like this:

    require 'rules.pl';
    do_something() if Rules::rule1($match_this_data);

    Then set it up so that your script is part of a unique group called, say, 'foo'. Your rules file can then be made readable only by this group and no one else; hence the only access is via the script, and no one except root, the owner (you) and the script can read it.

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print
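The rules-as-subs layout and the group-restricted rule file from this reply, as an added example that is not from the thread: rules.pl holds ordinary compiled subs in package Rules (no string eval at run time), and the loader checks ownership and mode bits before require'ing it, so a rule file that has become world-readable or writable by someone else is refused rather than loaded. The file name, the handler names and the log lines are constructed for the demo; the script writes rules.pl itself only so it runs stand-alone, whereas in real use that file is created once and chgrp'd/chmod 640 by hand.

```perl
#!/usr/bin/perl
# Added example (not from the thread): rules live in a required Perl file as
# compiled subs, and the file is checked for sane ownership and permissions
# before it is loaded. rules.pl and the rule names are hypothetical.
use strict;
use warnings;
use Fcntl qw(:mode);

my $rules_file = 'rules.pl';

# Constructed rules.pl, written here only so the example runs on its own.
{
    open my $fh, '>', $rules_file or die "$rules_file: $!";
    print {$fh} <<'END_RULES';
package Rules;
use strict;
use warnings;

# Each rule is a compiled sub: no string eval at run time, and a typo in
# the file fails at require() time rather than on the first matching line.
sub failed_login { $_[0] =~ /Failed password for .* from (\S+)/ ? $1     : undef }
sub root_login   { $_[0] =~ /session opened for user root/       ? 'root' : undef }

# Name => handler, so the caller can iterate without knowing the sub names.
our %RULES = (
    failed_login => \&failed_login,
    root_login   => \&root_login,
);

1;   # a require'd file must return true
END_RULES
    close $fh;
    chmod 0640, $rules_file or die "chmod: $!";
}

# Refuse to load a rule file that someone else could have edited, or that
# anyone on the box can read: the group trick only helps if the mode bits
# really are what you think they are.
sub check_rule_file {
    my ($path) = @_;
    my @st = stat $path or die "stat $path: $!";
    my ($mode, $uid) = @st[2, 4];
    die "$path: not a regular file\n"      unless S_ISREG($mode);
    die "$path: not owned by uid $<\n"     unless $uid == $<;
    die "$path: readable/writable by other\n" if $mode & (S_IROTH | S_IWOTH);
    die "$path: group-writable\n"          if $mode & S_IWGRP;
    return 1;
}

check_rule_file($rules_file);
require "./$rules_file";    # explicit path: does not depend on '.' being in @INC

# Constructed log lines to run the rules over.
my @lines = (
    'sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 4711',
    'sshd[815]: pam_unix(sshd:session): session opened for user root by (uid=0)',
    'cron[900]: (alice) CMD (/usr/bin/backup)',
);

for my $line (@lines) {
    for my $name (sort keys %Rules::RULES) {
        my $hit = $Rules::RULES{$name}->($line);
        print "$name: $hit\n" if defined $hit;
    }
}
```

The check only enforces the owner/other bits; which group may read the file is a deployment decision (the 'foo' group in the reply), so the example leaves group read allowed and only rejects group write.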

Re: secure storage
by {NULE} (Hermit) on Nov 23, 2001 at 19:06 UTC
    Hi,

    As has been pointed out already, there is a difference between stopping someone from casually seeing what is in a file and stopping someone with intent and ability.

    To stop the former, my favorite technique is using Acme::Bleach (by our own TheDamian). It removes all printable ASCII, and when it's done only whitespace characters remain. It performs the "encryption" the first time it runs; the next time it will actually run the file.

    Filter::Decrypt runs in much the same way. Make sure to check out the warnings in the documentation, though. It gives a good explanation about why this isn't real security.

    I'm not sure how Storable fits into all this. I imagine something like the following:

    #!/usr/bin/perl -w
    use strict;
    use Acme::Bleach;
    @main::data = <DATA>;
    __DATA__
    # Contents of Storable output
    # go in this section.

    Then, from a program that requires this code (and defines @main::data), this snippet could populate that array with the data for Storable to work on. That may mean that when Storable generates its data you could just prepend it with those five lines, save it to disk, execute it once (since the first time it just performs the "bleaching") and be done with it.

    That's untested and probably won't work as written (I haven't had a chance to play with Storable yet). But I hope it will give you some ideas.

    Update: ++Tachyon - like I said, this technique is only enough to stop the most easily discouraged folks from getting your data.

    Good luck,
    {NULE}
    --
    http://www.nule.org

      To stop the former, my favorite technique is using Acme::Bleach (by our own TheDamian).

      Sadly source filters are about as bulletproof as fairy floss:

      unbleach.pl

      tachyon

      s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print
