Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
sections in the config file to store sensitive content that must be encrypted ie the connection string and must be decrypted by the application.

This may give you a warm fuzzy feeling that you have used encryption and so everything simply just must be safe.

But this is just a little annoyance for anyone trying to get the data: The application must contain the decryption code, and it must contain the decryption key. Both can be extracted, and with the addition of a few simple print statements, you can see the "protected" information in plain text. If the decryption code is burried in the runtime environment, things become even easier for an attacker: Just find the key, call the runtime environment's decryption routine in your own ten line script, and print what it returns when processing the "protected" information.

Oh, and I almost forgot: How does it help to encrypt information in a config file that are afterwards transmitted in clear through the network, e.g. when connecting to a MySQL or FTP server?

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

In reply to Re^2: Where should I have configuration information in a file or database by afoken
in thread Where should I have configuration information in a file or database by vinoth.ree

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    [marioroy]: Naming things can be difficult, sometimes more so that the actual code :)
    [karlgoethebier]: Lady_Aleena: You need to jump to some conclusion
    [Lady_Aleena]: And what would I rename RolePlaying/Random .pm to if I move all the RolePlaying/Random modules to just Random? Random/Util.pm Random/Base.pm, maybe lowercase the file name to indicate it is a bit different? I don't know yet.
    [marioroy]: What does Random do?
    [karlgoethebier]: https://www. youtube.com/watch? v=42WNHGr1jGI
    [Lady_Aleena]: karlgoethebeir, I finished another project tonight, making a module which printed stop printing. It was a headache and a half.
    [karlgoethebier]: Lady_Aleena: Try it!
    [Lady_Aleena]: marioroy, it has 3 subroutines which can be fed data to generate random things. See here.

    How do I use this? | Other CB clients
    Other Users?
    Others exploiting the Monastery: (8)
    As of 2017-05-29 08:58 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?