PerlMonks
Re^4: The Importance of Being Earnest
by radiantmatrix (Parson)
on Sep 22, 2006 at 16:22 UTC ( [id://574401]=note )
If someone has altered and replaced perl itself, then all programs, as you say, have a "huge security hole".

Dude, that was kind of his point. Any application which has dependencies has, as a potential security risk, malicious or accidental alteration of those dependencies. Fortunately, since you weren't using the MD5 for anything (except to display it), your particular implementation doesn't represent a significant risk; the point is, you can't ever say "it has no security holes".

On a side note, one of my clients uses a digest (Digest::SHA-256, in this case) for file integrity checking. As an extra layer of security, files with known digests are fed to the production tool, and its output is checked against a separate implementation of the algorithm (on an off-network machine): if ever they fail to match, the box will be marked compromised and rebuilt.
<–radiant.matrix–>
A collection of thoughts and links from the minds of geeks
The Code that can be seen is not the true Code
I haven't found a problem yet that can't be solved by a well-placed trebuchet
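The cross-check described in the post above, sketched in Python as an added example (it is not part of the original post and is not the client's tooling). Assumptions: `hashlib` stands in for the production tool, `reference_sha256` is a hypothetical name for the separate implementation that would run on the off-network machine, and the known digests are the standard published SHA-256 values for the empty string and `"abc"`.

```python
import hashlib
from math import isqrt

def _icbrt(n):  # exact integer cube root by binary search (no floating point)
    lo, hi = 0, 1 << (n.bit_length() // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** 3 <= n else (lo, mid - 1)
    return lo

# SHA-256 constants derived from the first 64 primes, as the standard defines them.
_PRIMES = [p for p in range(2, 312) if all(p % d for d in range(2, isqrt(p) + 1))]
_H0 = [isqrt(p << 64) & 0xFFFFFFFF for p in _PRIMES[:8]]
_K = [_icbrt(p << 96) & 0xFFFFFFFF for p in _PRIMES]

def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & 0xFFFFFFFF

def reference_sha256(data):
    """Independent pure-Python SHA-256; shares no code with hashlib."""
    h = list(_H0)
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + (len(data) * 8).to_bytes(8, "big")
    for off in range(0, len(msg), 64):
        w = [int.from_bytes(msg[off + 4 * i:off + 4 * i + 4], "big") for i in range(16)]
        for i in range(16, 64):
            s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
            s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
            w.append((w[i - 16] + s0 + w[i - 7] + s1) & 0xFFFFFFFF)
        a, b, c, d, e, f, g, hh = h
        for i in range(64):
            t1 = hh + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)) + ((e & f) ^ (~e & g)) + _K[i] + w[i]
            t2 = (_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))
            a, b, c, d, e, f, g, hh = (t1 + t2) & 0xFFFFFFFF, a, b, c, (d + t1) & 0xFFFFFFFF, e, f, g
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e, f, g, hh))]
    return "".join(f"{x:08x}" for x in h)

# "Files with known digests": published SHA-256 values for b"" and b"abc".
KNOWN = {
    b"": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    b"abc": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}

def audit(tool, known=KNOWN):
    """Return the inputs for which `tool` disagrees with the known digest or the reference."""
    return [data for data, want in known.items()
            if tool(data) != want or tool(data) != reference_sha256(data)]

if __name__ == "__main__":
    print("COMPROMISED" if audit(lambda d: hashlib.sha256(d).hexdigest()) else "OK")
```

The check only has value if the reference implementation and the known digests live somewhere the production box cannot modify, which is why the post places them on an off-network machine.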