Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re: secure storage

by ask (Pilgrim)
on Nov 23, 2001 at 16:02 UTC ( #127100=note: print w/replies, xml ) Need Help??


in reply to secure storage

If people can read your script they can also trivially read the rule file no matter how you encrypt it.

What are your goals? What security issues are you trying to deal with? It's easier to help if you tell about what you are trying to do instead of how you would like to do it. :-)

 - ask

-- 
ask bjoern hansen, http://ask.netcetera.dk/   !try; do();

Replies are listed 'Best First'.
(ichimunki) Re: secure storage
by ichimunki (Priest) on Nov 23, 2001 at 19:42 UTC
    That's not true. If the file is encrypted using a password that must be given to the script by the user when the script is started up, then the password information is stored only in RAM, not in any place someone reading the script or the rules files can get to as easily. I'm sure it's possible to find it in the RAM, but I think a password approach manages the risk of a more casual reader getting at the file quite well. If the script is such that it must be started and stopped frequently (like a non mod_perl CGI), then this approach becomes less attractive.
Re: Re: secure storage
by wertert (Sexton) on Nov 23, 2001 at 16:58 UTC
    This is true - anyone with basic perl knowledge can look at the script and workout how to pull out the original info. I am not after total security but only want to stop anyone cat'ing out the file. Other ideas I have had are using the perlapp ( active perl ) to produce a stand alone executable and embeding the rule file within the script or running the whole thing from a web server so the script in question is not directly accessable ( other than by web master ). Thanks for you reply.
      You still didn't tell us what it really is that you are trying to do. ;-)

      If you just want a bit of obfuscation, maybe a simple tr/// before you save and after you read the file could do.

       - ask

      -- 
      ask bjoern hansen, http://ask.netcetera.dk/   !try; do();
      

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://127100]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (5)
As of 2022-01-18 20:48 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:












    Results (54 votes). Check out past polls.

    Notices?