
Re: RFC: SecureString - Obfuscated / masked strings except when you need them

by iguanodon (Priest)
on Jul 19, 2011 at 18:26 UTC (#915518)


in reply to RFC: SecureString - Obfuscated / masked strings except when you need them

Sorry if I'm missing the point, but why can't you just not log the sensitive data?

Re^2: RFC: SecureString - Obfuscated / masked strings except when you need them
by duelafn (Vicar) on Jul 19, 2011 at 21:13 UTC

    Indeed, possible. That falls under the "Be more careful" option; however, the assumption of "CONSTANT VIGILANCE!" is the enemy of good security. Up until now, I have stuck with the constant vigilance approach, but it can get difficult. For instance, some systems save values/query parameters into some form of "global" request object/hash then pass that thing around. While that is a bad idea security-wise (for exactly this issue), it is not an uncommon approach and can be done in a reasonable way (meaning, I have seen at least one system that did this that was robust and not painful to work with).

    So far, I think that an approach such as SecureString would be easier/safer in these situations, and probably also in more security-ideal situations. Of course, I've been mulling the idea around subconsciously for a while and I wrote the thing, so of course it looks like a good idea to me. I am not yet sure whether this type of approach falls in the "good idea" camp or the "gimmick that on the surface looks like a good idea, but falls down in practice or leads to bad practices or is just plain silly" camp.

    Good Day,
        Dean
