Hello everyone,
I'm in need of storing a few pieces of text in a text file on my server
and want to keep it encrypted, but not permission restricted as Apache
will need to read it and my webserver runs as the nobody user.
I'm using the Business::OnlinePayment::AuthorizeNet module to process
transactions, and would like a secure way to store my transaction-key on
my server, rather than keeping it as plain text in my perl script.
It looks something like: N5GjgbQ32au8X3kf (16 characters A-Za-z0-9)
I've looked at several of the encryption modules and am looking for
suggestions of modules to use. I have been looking at Crypt::Blowfish
and it seems to serve my purpose, but I have a few questions.
using this code from the Blowfish module page:
my $key = pack("H16", "0123456789ABCDEF"); # min. 8 bytes
my $cipher = new Crypt::Blowfish $key;
my $ciphertext = $cipher->encrypt("plaintex"); # SEE NOTES
print unpack("H16", $ciphertext), "\n";
If I were to store $ciphertext in a text file on my server and when I need it
run unpack using the $key, wouldn't someone who had the $key be able to decrypt
whatever the $ciphertext is?
Basically I need to have a perl script accessable from the web, yet keep anyone
on the server from from being able to view the $key.
Does any of this make sense?
Anyone have ideas?
Thanks,
Kevin
--
K Old <[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
