This is an archived low-energy page for bots and other anonmyous visitors. Please sign up if you are a human and want to interact.

It's actually better if you don't decrypt the password at all. Instead, encrypt the password you got from the user exactly the same as the one in the database was and compare them.

Never having passwords (or other secure data) in memory is a Holy Grail that isn't always possible, but it's a good goal.

I agree, however this isn't for use in checking a password that a user supplied. It's for listing passwords that are stored in the database for an application that manages host information. Which is why I am using Blowfish to encrypt them instead of doing a SHA1 or MD5 hash.

Also in this database are IP addresses that have been stored in a packed() format (by a previous developer). So my question also applies to them, and is not just strictly for the passwords.

IE:
The ip needs to be unpacked when it is read from the database, and then packed again before it is stored. So that I can keep my CDBI code transparent to the fact that this stuff is going on behind the scenes:

# to find the row that has this ip.
my $obj = MyModule->search(ip => "127.0.0.1");

# or to print out the ip
print $obj->ip;

# or to update the ip...
$obj->ip("192.168.0.1");
$obj->update();
[download]

I suppose I can always make methods like decode_ip, encode_ip, encrypt_password, etc... I just thought it'd be good to have it part of my CDBI class to make sure that the data gets written into the database in the correctly (ie: no passwords accidentally stored unecrypted because of a forgotten method call)

For IP addresses, I would have them inflate to a NetAddr::IP object:

use NetAddr::IP;
__PACKAGE__->has_a( ip_addr => 'NetAddr::IP' 
    inflate => sub { 
        my $packed = shift;
        # Unpack the IP addr here into $ip and $netmask
        return NetAddr::IP->new( $ip, $netmask );
    }, 
    deflate => sub { 
        my $addr = shift;
        # Take the NetAddr::IP instance and pack it 
        # into $packed
        return $packed;
    }, 
);
[download]

Using Class::DBI = Good
Using Class::DBI with inflation of many fields to objects = Better (usually)

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

: () { :|:& };:

Note: All code is untested, unless otherwise stated