develooper Front page | perl.beginners | Postings from January 2002

Re: hiding file data

Thread Previous | Thread Next
From:
Frank
Date:
January 9, 2002 07:52
Subject:
Re: hiding file data
Message ID:
20020109155221.GD13881@fysh.org
On Tue, Jan 08, 2002 at 07:26:42PM +0000, Stuart wrote:
> Hi All,
> 
> I have a few perl files that I need to send out to a client. However, we do 
> not want them seeing what are in the files for obvious reason. Is there any 
> way that I can hide the info in the files, or should I creat an executable.
---end quoted text---

Hi Stuart,

Are you saying that there is sensitive data enclosed in the file like:

	$database='deepthought';
	$password='l3tm3In'; 

Say for use with databases that your company owns?


If there is sensitive data like this, consider using a seperate file to store
the settings in and then encrypting it using a standard Perl module from CPAN,
(http://www.cpan.org/ it's where we share the fruits of our labour ;) something
like DES cyphers should be more than adequate. Or roll-yer-own, I worked
in a S/W house that used rot 13 of all things, something like:

tr/a-nm-zA-NM-Z/m-za-nM-ZA-n/;

should replicate that but I'd not recommend it.


If the Perl code itself is what you want to conceal then consider:

	1) Perl is open source, so anything written with it should be too.
	Check the legality, I've never written Perl code to resell so
	don't know.

	2) Having source code viewable to all, means it has to be secure in
	better ways. Remember "obscurity is not security". If you compiled
	the code people could still strace it and see what you were doing.

	3) Owning software is bad mmmkay; better to make it open-source
	and let others test/debug/submit patches to make robust code at
	the slight cost of not being able to charge for the code, just
	the support and development time.

	A metric of this is Red-Hat (I don't like RH but it's an example):
	when Red-Hat 7.0 was release several thousand bugs were logged by
	users, within a fortnight almost all were resolved: compare that
	to the rate of bug-fix in Windows. The trick is users were submitting
	fixes.

From your post I assumed the former (hiding sensitive data) was what you wanted
and the latter is redundant, from the replies it seemed people thought you meant
the latter. I'm hoping it's a misunderstanding.

Randal's book "Learning Perl" deals with seperating config data. For
rolling your own cyphers to encrypt stuff, you'll need something like
"Algolrithms in Perl" or to trust CPAN.

All the best.	
	
-- 
 Frank Booth - Consultant
Parasol Solutions Limited.
(www.parasolsolutions.com)

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About