Syntactic Confectionery Delight | |
PerlMonks |
Re: RFC: SecureString - Obfuscated / masked strings exept when you need themby thargas (Deacon) |
on Jul 22, 2011 at 16:42 UTC ( [id://916162]=note: print w/replies, xml ) | Need Help?? |
One question: what about Data::Dumper and friends? Sure what you've done is interesting, but if a password is part of a structure or object which gets dumped, you're no further ahead. I'd suggest storing the value as sub { $value }. At least it won't be so obvious then. Otherwise, I like it. Oh yes. Also I don't think that the default obfusticator ought to use the length of the value in the masked string as that leaks information, i.e. the length of the value. And I prefer Text::Masked
In Section
Meditations
|
|