tlm has asked for the wisdom of the Perl Monks concerning the following question:
I want to write a Perl script that will periodically log in to my bank account's web page and report back a summary of information. This script should run securely and without supervision. Naturally, it will need to know sensitive information, such as passwords, account numbers, etc., and I wonder if it is possible for a lowly monk wannabe to write a Perl script that keeps this information safe.
The first solution that occurred to me was to rely on a source filter like Filter::Crypto, but the following caveat in that module's man page gives me pause:
This technique can never completely hide the original unencrypted source code from people sufficiently determined to get it. The most it can hope for is to hide it from casual prying eyes, and to outdo everyone who is using a precompiled Perl (at least from "regular" sources) and everyone who isn't knowledgeable enough to suitably modify the Perl source code before compiling their own.
Perl source code decryption filters work by intercepting the source stream (read from the encrypted file) and modifying it (in this case, decrypting it) before it reaches the Perl parser. Clearly, by the time the source reaches the parser it must be decrypted, otherwise the script cannot be run. This means that every part of the script must at some stage be held in memory in an unencrypted state, so anyone with the appropriate debugging skills will be able to get it.
If Perl was built with DEBUGGING then running the script with Perl's -Dp command-line option makes this much easier. Even without a DEBUGGING Perl, the script can still be run under the Perl debugger (Perl's -d command-line option), whose l command will list the (decrypted) source code that was fed to the parser.
In fact, with the introduction of the Perl compiler backend modules it is now easy to get at the decrypted source code without any debugging skills at all.
I have thought of other schemes, too outlandish and elaborate to bother you with. I have looked in various sources (e.g. perlsec, book searches in Amazon, Google, etc.), but I have found nothing that addresses my concerns.
Given that I'm no Donald Trump, it is probably safe to assume that no one is going to waste much time trying to break into my bank account, but I really don't want to take any chances (plus I am genuinely curious about how one goes about dealing with this problem without cutting any corners).
In case it makes any difference, the OS for which this script is intended is (Debian) Linux.
I look forward to reading your opinions on this.
Update: In retrospect I should have phrased the ending of this question as follows:
My question to you, fellow monks, is, if you wanted to set up such an automated screen scraper to collect data from your bank account, how would you do it? How would you architect the solution? What CPAN modules would you use? What other non-Perl software would you use? What special hardware does your solution require, if any? What books/articles/tutorials/authors would you consult to craft your solution?
I realize that this problem, like any problem, does not have a perfect solution. I do not want a perfect solution, just the best solution that I can achieve.
I also realize that there is a largely unspecified context to my project, and that there are many aspects of this context (e.g. how secure is my computer to attack) that would render any solution to my question pointless. (But this is true of any question posted in SoPW. For example, any reply to a request for an efficient algorithm would be pointless if this algorithm is used in a program that does something horribly inefficient elsewhere. It's the ol' Langsam's Law: Everything depends.) This is why I ask you how you would solve the problem.
the lowliest monk
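The caveat quoted in the post, shown as an added example (not part of the original post and not Filter::Crypto's code): source that is decoded and then compiled can be printed back by the B::Deparse backend, so a credential embedded in it is not protected. The toy XOR/base64 encoding, the sub name `fetch_summary` and the placeholder password are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use B::Deparse;
use MIME::Base64 qw(encode_base64 decode_base64);

# Constructed sample: a script body with an embedded placeholder credential.
my $plain = <<'END_SRC';
sub fetch_summary {
    my $password = 'PLACEHOLDER-not-a-real-secret';
    return "would log in with a " . length($password) . "-char password";
}
END_SRC

# Toy single-byte XOR; it only stands in for a real cipher (assumption).
sub toy_xor {
    my ($data) = @_;
    return $data ^ ("K" x length($data));
}

# The form that would sit on disk: unreadable to a casual glance.
my $stored = encode_base64(toy_xor($plain));

# What any decryption filter has to do before the parser can run the code:
# recover the plaintext and hand it over for compilation.
my $recovered = toy_xor(decode_base64($stored));
eval "$recovered; 1" or die "compile failed: $@";

# The on-disk form does not show the literal ...
print "stored form shows the literal: ",
      ($stored =~ /PLACEHOLDER/ ? "yes" : "no"), "\n";

# ... but the compiled sub is ordinary in-memory Perl, and the compiler
# backend turns it back into source text, string constants included.
my $deparsed = B::Deparse->new->coderef2text(\&fetch_summary);
print "deparsed sub shows the literal: ",
      ($deparsed =~ /PLACEHOLDER/ ? "yes" : "no"), "\n";
print $deparsed, "\n";
```

The same reasoning applies whatever cipher the filter uses, since the parser only ever sees plaintext; that is why the man page limits its claim to "casual prying eyes".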