Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re: RFC: SecureString - Obfuscated / masked strings exept when you need them

by iguanodon (Curate)
on Jul 19, 2011 at 18:26 UTC ( #915518=note: print w/ replies, xml ) Need Help??


in reply to RFC: SecureString - Obfuscated / masked strings exept when you need them

Sorry if I'm missing the point, but why can't you just not log the sensitive data?


Comment on Re: RFC: SecureString - Obfuscated / masked strings exept when you need them
Re^2: RFC: SecureString - Obfuscated / masked strings exept when you need them
by duelafn (Priest) on Jul 19, 2011 at 21:13 UTC

    Indeed, possible. That falls under the "Be more careful" option, however, the assumption of "CONSTANT VIGILANCE!" is the enemy of good security. Up until now, I have stuck with the constant vigilance approach, but it can get difficult. For instance, some systems save values/query parameters into some form of "global" request object/hash then pass that thing around. While that is a bad idea security-wise (for exactly this issue), it is not an uncommon approach and can be done in a reasonable way (meaning, I have seen at least one system that did this that was robust and not painful to work with).

    So far, I think that an approach such as SecureString would be easier/safer in these situations, and probably also in more security-ideal situations. Of course, I've been mulling the idea around subconsciously for a while and I wrote the thing, so of course it looks like a good idea to me. I am not yet sure whether this type of approach falls in the "good idea" camp or the "gimmick that on the surface looks like a good idea, but falls down in practice or leads to bad practices or is just plain silly" camp.

    Good Day,
        Dean

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://915518]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (6)
As of 2015-07-04 18:07 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (60 votes), past polls