in reply to How to hide a password in a script?
This is a security problem and I wouldn't recommend it. But here's an idea to think about. Take a password, add a certain ammount of characters given by some algorithm in between each character (reversable obviously) then start using the pack/unpack functions. Once you have something that doesn't look anything like the password assign that value somewhere. Wherever your password is going to be transformed back, put a lot of pack/unpack statements that return values to a variable, but use the REAL pack and unpacking code to assign it to the default variable, then somewhere pick up the value in $_ . Adding a usless __DATA__ block might be a nice touch for a decoy.
I would think this would be enough to keep casual snoopers (who aren't very technical) out, but anyone who really wants to know will probably be able to tear through your script no matter what. Some of us actually have fun tearing apart sudo security schemese like this =)
Re^2: How to hide a password in a script?
by dataking (Acolyte) on Aug 06, 2004 at 19:44 UTC
|
I was actually working on a scheme which would do something like this, but character by character, then reassemble the keyword on the fly, as opposed to storing the whole word in a single variable. But I like the _DATA_ decoy. | [reply] |
|