Shawn, et al --

...and then Shawn said...
% 
% Don't use %ENV to store anything, and try to keep your data in some

Right!


% sort of secure form in memory (encrypted or something).

Now that's an interesting one...  Suppose someone feeds this script a
password or a credit card number or such (that is, something manageable,
even if only for me since perl could suck the OED into $oed and not
care :-) and you want to work with it.  When you get it you have to
process it somehow.  When you get the data, it will probably be in
plaintext (a form field over an https connection, say) and you get to
encrypt it from there.  That I can follow, but:

1) Can the suggested "secure form in memory" help you at that early stage,
when it arrives in plaintext?

2) How do you then work with it when it's sitting encrypted in memory (in
order to, say, hand it off to your merchant account processor for billing)
without thereby having it in plaintext (either in memory or somewhere else)?


% 
% There are system level things to keep your data safe, and application
% level methods. I prefer to use both methods if I can.

Indeed.


% 
% No amount of wiping and encrypting is going to keep data safe without
% good secure design from the ground up. Sometimes, system level security
% can be made almost superfluous.

Almost :-)


TIA & HAND

:-D
-- 
David T-G                      * It's easier to fight for one's principles
(play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie
(work) [EMAIL PROTECTED]
http://www.justpickone.org/davidtg/    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
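The two questions above (whether a "secure form in memory" helps when the secret arrives in plaintext, and how to hand it off without keeping plaintext around) as an added example that is not code from this thread; it is written in Python rather than Perl because the pattern is the same in either. The envelope construction (HMAC-SHA256 keystream plus encrypt-then-MAC tag) is a stdlib-only stand-in for a library AEAD such as AES-GCM, and the class and function names are hypothetical.

```python
import hmac
import hashlib
import secrets
from contextlib import contextmanager

# Hypothetical in-memory envelope for a secret that arrived in plaintext.
# The cipher here is an illustrative stand-in so the example runs with the
# standard library alone; use a library AEAD (e.g. AES-GCM) in real code.

def wipe(buf: bytearray) -> None:
    """Best-effort overwrite; the interpreter may still hold stray copies."""
    for i in range(len(buf)):
        buf[i] = 0

class SealedSecret:
    """Holds a secret encrypted under a per-process ephemeral key."""
    _KEY = secrets.token_bytes(32)  # lives only in this process, never in %ENV/os.environ

    def __init__(self, plaintext: bytearray):
        # Q1: the plaintext window starts at arrival; the most we can do is
        # seal immediately and destroy the caller's copy.
        self._nonce = secrets.token_bytes(16)
        self._ct = bytes(a ^ b for a, b in zip(plaintext, self._keystream(len(plaintext))))
        self._tag = hmac.new(self._KEY, b"mac" + self._nonce + self._ct, hashlib.sha256).digest()
        wipe(plaintext)

    def _keystream(self, n: int) -> bytearray:
        # Counter-mode PRF stream; "enc" prefix keeps it separate from the tag input.
        out, ctr = bytearray(), 0
        while len(out) < n:
            out += hmac.new(self._KEY, b"enc" + self._nonce + ctr.to_bytes(4, "big"),
                            hashlib.sha256).digest()
            ctr += 1
        return out[:n]

    @contextmanager
    def unsealed(self):
        """Yield the plaintext as a mutable buffer that is zeroed on exit."""
        expect = hmac.new(self._KEY, b"mac" + self._nonce + self._ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expect, self._tag):
            raise ValueError("sealed secret failed integrity check")
        buf = bytearray(a ^ b for a, b in zip(self._ct, self._keystream(len(self._ct))))
        try:
            yield buf
        finally:
            wipe(buf)

def hand_off(sealed: SealedSecret, send):
    """Q2: decrypt only for the duration of send(); the plaintext window
    cannot be removed, only bounded and wiped afterwards."""
    with sealed.unsealed() as buf:
        return send(buf)
```

If `send()` copies the buffer (most HTTP clients will), that copy is outside the envelope's control, which is exactly the residual exposure the thread is discussing.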
