Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much
 
PerlMonks  

Re: Quest: a bulletproof-secure, automated scraper

by jhourcle (Prior)
on Mar 19, 2005 at 05:13 UTC ( #440871=note: print w/replies, xml ) Need Help??


in reply to Quest: a bulletproof-secure, automated scraper

There is no way to store information in a way that it can be able to be decrypted, without it being also insecure in some fashion. This is one of the big problems with storing SSL private keys -- you either have to have someone key in the passphrase when it starts up, leave it unlocked, or encode the password as plain text (or some way to get it decrypted, and the instructions to decrypt it).

Your best bet is to have the process run as a daemon, and enter in the information when it starts up. It can still be recovered if someone can force it to core dump, and then they can go through it for the information, but it's about as secure as you're going to get. (well, you could store in memory encrypted, with the information to decode it, but again, someone who really wants the information could get to it.)

As with anything, all you can do is slow someone down who might gain access -- unlink the script after you've started the process, etc, but it's never going to be perfect. You'll have to decide for yourself how the risks associated with the task compare to the benefits that you might get from it.

Oh ... and it is possible to hide processes from showing up in the process list (so it's harder for people to find and kill it, especially if it deletes itself when running, so there's no file to associated it with), but then we're getting into the process of how to hide worms and rootkits.

  • Comment on Re: Quest: a bulletproof-secure, automated scraper

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://440871]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (2)
As of 2022-08-14 13:37 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?