Re: Re: What data is code?

I can't manipulate the encrypting process itself since I use Crypt::CBC. The user (of the module) will provide keyphrase and cipher. I could check the very first string (til it matches an ;) after the use statement with eval tho :)

Greetz
Beatnik
... Quidquid perl dictum sit, altum viditur.

Comment on Re: Re: What data is code? Download Code

Replies are listed 'Best First'.
Re: Re: Re: What data is code? by Anonymous Monk on Nov 22, 2001 at 04:39 UTC
It shouldn't matter that the user has control over the code encryption technique, you only need control the magic. When your filter is called it can encrypt a special string (magic cookie) by any means it wishes. Now, it can test the incoming code to see if that encrypted string is at the beginning: `if(index($_,$cookie) == 0)`. If it is then the file is encrypted, so strip it off and then decrypt the rest using the user's specified parameters. If it isn't there, encrypt the code via the user's parameters, prepend your encrypted magic cookie, overwrite the source file and exit. You have control over the cookie, you can create it, test for it, add it or strip it as required.	[reply] [d/l]

Replies are listed 'Best First'.

Re: Re: Re: What data is code?
by Anonymous Monk on Nov 22, 2001 at 04:39 UTC

It shouldn't matter that the user has control over the code encryption technique, you only need control the magic. When your filter is called it can encrypt a special string (magic cookie) by any means it wishes. Now, it can test the incoming code to see if that encrypted string is at the beginning: if(index($_,$cookie) == 0). If it is then the file is encrypted, so strip it off and then decrypt the rest using the user's specified parameters. If it isn't there, encrypt the code via the user's parameters, prepend your encrypted magic cookie, overwrite the source file and exit. You have control over the cookie, you can create it, test for it, add it or strip it as required.

[reply]
[d/l]