Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
Well, if all you want is slightly more security, there might be a hardware-based solution that's not that hard to make. The idea is to build a small storage readable from the parallel port, which is only readable after startup. As soon as a special pin on the parallel port is toggled once, that storage isn't accessible anymore (until the next reboot of the machine).

Anyone versed in electronics could build something like this with a relais and some diodes, and an eprom for storage. The trick is that the relais is off after a power down or a reset. When a special pin is toggled, the relais gets turned on and then holds itself on. If the relais is also connected to an adress pin of the eprom, the previous accessible adress range is changed irrevocably

A similar idea without a relais: The eproms lower address pins are not directly connected to the parallel port pins, but to a counter circuit that can only count upwards and does not overflow to 0 (or the highest bit just never turns to 0 after it changed to 1).

Or you get a small microcontroller (for example a PIC) to do that.

You also need a compiled (C or C++) wrapper around your database that does the key retrieval and database decoding with lots of obfuscation and checksumming of the wrapper so that the attacker can't easily patch the code after decompiling it.

This scheme is not much more than an obfuscation. If the attacker knows what's going on, he will just replace the perl code to make a complete dump of the database and reboot the machine. But to find that out he probably needs to do a lot of testing and a few risky revisits to your machine. Not just an easy hit and run.

The hardware is necessary so that the attacker can't just copy your hard disk and search for the key in his remote copy. The compiled decoding wrapper is necessary so that he can't just read the program, find the $key and add one line system("echo $key > /tmp/foo"); on his next visit.

The security you get is not much, but it's the most you can hope for against an attacker with root access. But the time you would have to invest to build this system is considerable. So entering the password at every reboot might be inconvenient, but it gives you the same security with a lot less work.

PS: If you can't deploy a second machine to act as independent database server, why not split your one machine into two virtual ones?

In reply to Re: Cryptology in the database by jethro
in thread Cryptology in the database by patspam

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others cooling their heels in the Monastery: (4)
    As of 2021-04-20 02:07 GMT
    Find Nodes?
      Voting Booth?

      No recent polls found