> Whatever code you want to run must include the decryption
> key in order for it to then be decrypted and loaded into the perl
> interpreter for execution.
>
> If security by obscurity is good enough for you then go ahead
> but don't think this approach provides any real code security.
The code itself needn't contain the key. However it can be made
available in various ways to those who wish to execute it. I have a
decent familiarity with the concepts of encryption and data/computer
security. Just tossing around some ideas for different approaches
to it. It may or may not result in anything useful, but it's an
interesting area for experimentation nonetheless. The purpose isn't
to obscure the code from those who will be hosting it, but rather to
make life difficult for anyone who manages to exploit the webserver,
etc. In most cases to do with security, there is no 100% secure
anything. It's almost always a trade off. The biggest question is
how well it would scale in a production environment. I'm thinking
it wouldn't, but I'd like to try it out anyway.
PS. Thanks to everyone who's answered so far. I'll be following up
on your suggestions at the first available opportunity.
-Shaun Fryer
--
"Art begins with craft, and there is
no art until craft has been mastered.
You can't create until you're willing
to subordinate the creative impulses
to the constriction of a form."
- Anthony Burgess
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
