in reply to Re^3: RFC: SecureString - Obfuscated / masked strings exept when you need them (finding)
in thread RFC: SecureString - Obfuscated / masked strings exept when you need them
Revised the synopsis in the original post (well... now it is entering into
I don't see how a tied filehandle with a default unhidden policy is
going to be a good idea at all. Consider:
open my $LOG, ">", "/var/log/my_app.log";
tie $LOG, "Text::Hidden::Handle", force => "hidden";
my $ccn = Text::Hidden->new( "1234567887654321", default => "unhidden"
print $LOG $ccn; # OK
print $LOG "Got CCN: $ccn"; # Oops! - premature stringification
Sure, interpolating a default unhidden string is always going to be
"dangerous", but the fragility near a filehandle that pretends to force the
values to hidden seems too far over the top. Unless I misunderstood your
I have however, added default unhidden and hide_from options as well as manual mask forcing. Additionally, I have added localized policy setting so that one need not globally choose default unhidden (see examples in OP). Do you think that the revised synopsis addresses your concerns / describes a potentially usable tool?