Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re^2: RFC: SecureString - Obfuscated / masked strings exept when you need them

by duelafn (Vicar)
on Jul 22, 2011 at 18:04 UTC ( #916179=note: print w/replies, xml ) Need Help??


in reply to Re: RFC: SecureString - Obfuscated / masked strings exept when you need them
in thread RFC: SecureString - Obfuscated / masked strings exept when you need them

Yes, very important. I store the sensitive value Inside-Out, and incompatilibity with data serialization tools is one of the classic (dis)advantages of inside-out objects. The serializer simply can not access the sensitive data since the sensitive value is stored in a lexical variable in the Text::Hidden package.

Since debugging is often done with these serialization tools, in future versions I intend to try to serialize as smartly as possible: make it clear in the serialized output that the value has been masked; warn or die if a de-serialized object is used. Of course, I can only support the most popular serializers, but even those which will not have built-in support will not be able to access the sensitive value - even if they dump code references.

Regarding length of the value: Yes, I had waffled on that for a bit but for debugging purposes (detecting the empty string) went with length for now since overriding the obfuscated value to be a fixed string is easy. I will probably make the default a bit more safe/smart and even more debug-friendly in the next version. My plan now is to return: "«empty»" | "«undef»" | "XXXXX" (fixed length) as appropriate from the default obfuscator.

Good Day,
    Dean

  • Comment on Re^2: RFC: SecureString - Obfuscated / masked strings exept when you need them

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://916179]
help
Chatterbox?
[marto]: the ticketing system does not accept calls via email, nor has it a working API. It's tied into Active Directory for authentication and the Solaris boxes aren't on that domain
[Corion]: The one thing I haven't figured out a solution to is how to get an edge-trigger instead of sending an email every 5 minutes if the usage is above 90%. I want one mail when it goes over 90% but no more emails as long as it stays between 90% and 95%.
[Corion]: marto: Clever! ;)
[Corion]: You can only reach me by pager
[Corion]: Maybe the solution would be to launch a cron job every minute that takes two measurements a minute apart and sends a mail if the usage is below on the first and above threshold on the last measurement
[marto]: that's essentially it :)
[marto]: I think the long term solution would be to have sysadmins that do their job, so I don't have to do everything :P
[marto]: they already have an entire BMC patrol system, which they disabled, because it was sending out spurious messages. So rather than fix the issue, or even find out what it was, they turned it off. No messages, can't be any problems, right?
[Corion]: marto: But having open tickets / incidents increases the pressure on them ;) Of course, likely your contract / SLA specifies an upper limit for the number of incidents :-D
[Corion]: marto: Ow ...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (7)
As of 2017-01-24 10:12 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Do you watch meteor showers?




    Results (203 votes). Check out past polls.