Shawn, et al --

...and then Shawn said...
%
% On 05/28, Shawn said something like:
% > On 05/28, David T-G said something like:
% > > % sort of secure form in memory (encrypted or something).
% > >
% > > Now that's an interesting one... Suppose someone feeds this script a ...
% >
% > This protects the data from customer to customer, and there is no need
% > at all for plaintext if wherever the data goes understands ciphers.
%
% Now, I'm not sure if this addresses your question. Basically, I just

In general, it does.

% mean to say there's no need to expose the most critically private info
% to cleartext variables for the duration of a program's runtime.

OK. I wasn't sure whether it was that simple or whether instead perl (and
probably other things) could handle such transactions securely in the
face of prying eyes. While I'm sure that the answer is something like
"anything can, given enough darned inconvenient security", practically it
sounds like it's the same tradeoff but not impossible to have a fairly
robust and secure system.

%
% Also, examine the codepath for any duration there will be sensitive
% cleartext in memory, minimize it, check all input, watch for races, etc.

Minimizing time spent in cleartext is a good one. Races are easy and
well-known these days (though certainly not unheard of even now!).

%
% Also, no harm in having a password protected cipher key in memory to
% decrypt the data, as long as it's done right. This can be just as
% dangerous as plaintext if done wrong. Remember, a script probably does
% not need to "see" everything itself.

That's an interesting concept; I'm going to have to think about that for
a bit.

%
% In any case, the "script" will know how to decrypt the data, it will
% have a key, and the password for the key for some of its runtime, and

Gotcha. It could even be some and not all, which hadn't occurred to me.

% it can be discovered by a third party if access to the program's memory
% is gained, it's a fact of life. This just makes it harder.

Right.

%
% Any wipe, cipher, obfuscate, gonkulate scheme is only as strong as its
% weakest link. I just try to make things as blind to sensitive data as I
% can, which is dictated by the functionality demanded.

Makes sense.

%
% --
% Shawn Leas
% [EMAIL PROTECTED]
%
% I used to work in a fire hydrant factory. You couldn't park
% anywhere near the place.
%                                         -- Stephen Wright

Thanks & HAND

:-D
--
David T-G                 * It's easier to fight for one's principles
(play) [EMAIL PROTECTED]  * than to live up to them. -- fortune cookie
(work) [EMAIL PROTECTED]
http://www.justpickone.org/davidtg/    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!