
Re^2: RFC: SecureString - Obfuscated / masked strings except when you need them

by duelafn (Priest)
on Jul 22, 2011 at 18:04 UTC


in reply to Re: RFC: SecureString - Obfuscated / masked strings except when you need them
in thread RFC: SecureString - Obfuscated / masked strings except when you need them

Yes, very important. I store the sensitive value Inside-Out, and incompatibility with data serialization tools is one of the classic (dis)advantages of inside-out objects. The serializer simply cannot access the sensitive data since the sensitive value is stored in a lexical variable in the Text::Hidden package.

Since debugging is often done with these serialization tools, in future versions I intend to try to serialize as smartly as possible: make it clear in the serialized output that the value has been masked; warn or die if a de-serialized object is used. Of course, I can only support the most popular serializers, but even those which will not have built-in support will not be able to access the sensitive value - even if they dump code references.

Regarding length of the value: Yes, I had waffled on that for a bit but for debugging purposes (detecting the empty string) went with length for now since overriding the obfuscated value to be a fixed string is easy. I will probably make the default a bit more safe/smart and even more debug-friendly in the next version. My plan now is to return: "«empty»" | "«undef»" | "XXXXX" (fixed length) as appropriate from the default obfuscator.

Good Day,
    Dean
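
An added illustration of the inside-out storage and the planned default obfuscator described in the post above. This is not code from the post or from Text::Hidden: the package name Demo::Masked, its methods, and the sample value are all hypothetical.

```perl
use strict;
use warnings;
use utf8;
binmode STDOUT, ':encoding(UTF-8)';

{   # Hypothetical demo class, not Text::Hidden's source.
    package Demo::Masked;
    use Scalar::Util qw(refaddr);
    use overload '""' => 'masked', fallback => 1;

    # Inside-out storage: the value lives in a block-scoped lexical keyed
    # by object address, never inside the blessed reference itself.
    my %secret;

    sub new {
        my ($class, $value) = @_;
        my $self = bless \(my $anon), $class;
        $secret{ refaddr $self } = $value;
        return $self;
    }

    # Only an explicit method call returns the real value.
    sub reveal { $secret{ refaddr $_[0] } }

    # Obfuscator following the plan in the post: fixed-length mask, with
    # distinct markers for the empty string and undef to aid debugging.
    sub masked {
        my $v = $secret{ refaddr $_[0] };
        return '«undef»' unless defined $v;
        return '«empty»' if $v eq '';
        return 'XXXXX';
    }

    sub DESTROY { delete $secret{ refaddr $_[0] } }
}

use Data::Dumper;
$Data::Dumper::Deparse = 1;    # also dump the source of code references

my $pw   = Demo::Masked->new('hunter2-constructed-sample');
my $dump = Dumper({ user => 'dean', password => $pw,
                    getter => \&Demo::Masked::reveal });
print $dump;
print "value present in dump: ", ($dump =~ /hunter2/ ? "yes" : "no"), "\n";
print "stringified: $pw\n";
print "empty: ", Demo::Masked->new(''), "  undef: ", Demo::Masked->new(undef), "\n";
print "revealed: ", $pw->reveal, "\n";
```

The dump shows an empty blessed scalar and the deparsed text of the getter, but not the stored value. This keeps the value out of dumps and logs; it is not a barrier against code in the same process that deliberately inspects closures.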

