in reply to Quest: a bulletproof-secure, automated scraper

This problem seems to me the same wherever secure automation is required. The solution that I am employing in an automated SFTP application is as follows (substitute PGP for SFTP to apply to your problem):

I have had success with this approach in both cygwin and Solaris environments. I think you might research an approach that uses GPG to encrypt your bank PIN, and Perl modules for GPG integration. The pass phrase that I referred to above is for the GPG key, not your bank PIN, so even if someone watched you type it in, they still wouldn't have your PIN.

This just seemed related to the problem I'm working on, but I haven't tried automating GPG, so I don't know if it would actually work. A key issue in my application comes from SarbOx and how to protect things from a compromised superuser account.


  • Comment on Re: Quest: a bulletproof-secure, automated scraper

Replies are listed 'Best First'.
Re^2: Quest: a bulletproof-secure, automated scraper
by webengr (Pilgrim) on Mar 19, 2005 at 05:19 UTC

    Okay, after re-reading my post I can see that in a GPG scenario root could quite easily get the PIN simply by running a different script to access the gpg-agent. In my SFTP scenario, the thing I am protecting is the ssh key, and that's a lot easier to do.

    Perhaps you can keep your PIN in a database with access controls in place. But a compromised root account can make protecting something on disk extremely difficult.

    I will be watchiing this thread with great interest.

    Update: removed extraneous punctuation