Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"
 
PerlMonks  

Comment on

( #3333=superdoc: print w/ replies, xml ) Need Help??

Encrypted data with decryption code and decryption key side by side is just a little bit more anoying to read than unencrypted data, but it is not one bit more secure, even with state of the art highest grade encryption.

If you are root on your machine, storing data in your standard unprivileged account with mode 0600 or even 0400 is sufficient most of the times. If you need to worry about your data (1), put $HOME on a strongly encrypted partition and ask for a pass phrase every time you mount that partition.

If you are not root on the machine, and you can't trust root 200%, don't store sensitive data there. The root user can bypass all security measures, he can install keyboard loggers and can trace every system call of each program you start. Even an encrypted filesystem image, loop-mounted, is not secure with a malicious root user.

It's sad that one still has to use simple passwords for so many services. Wherever possible, switch to certificates, especially for SSH. And by the way, client certificates are possible with SSL-encrypted HTTP (a.k.a. HTTPS), but the server must be configured for them to work. And yes, I'm aware that Twitter won't switch to high grade encryption certificates just because a few perl monks don't feel good storing plain text passwords in a script or configuration file. Not yet ... ;-)

Alexander

(1) E.g. because your gouvernment runs amok, because you work with sensitive data from your client(s), because you are an investigative journalist, a doctor, a priest, a lawyer, or maybe because you are just a little bit paranoid.

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

In reply to Re^2: best way to store login information for a perl script? by afoken
in thread best way to store login information for a perl script? by keiusui

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • Outside of code tags, you may need to use entities for some characters:
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others pondering the Monastery: (6)
    As of 2014-07-26 02:14 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      My favorite superfluous repetitious redundant duplicative phrase is:









      Results (175 votes), past polls