Nitrox has asked for the wisdom of the Perl Monks concerning the following question:

I'm using Cache::FileCache in a current project, this snippet is a quick example of setting a variable: 
use strict;
use Cache::FileCache;
my $cache = new Cache::FileCache({ 'namespace' => 'SharedCache'} );
$cache->set("STUFF", "1");

[download]
I have one application that writes to the Cache and another reads from it. My concern is, how can I add a dash of security? Currently all someone would have to do is run a similar snippet on the same box and they could overwrite any of the info.

I'd like to hear your ideas on how to tighten this up a smidgen.

-Nitrox

Replies are listed 'Best First'.
Re: Adding a bit of security to Cache::FileCache
by ehdonhon (Curate) on Aug 09, 2002 at 14:11 UTC

    Well, if you are worried about intentional collisions, then you should use umask.

    If you are worried about accidental collisions ( i.e. somebody running the same script by accident) then it sounds like you need to implement locking. You could take a look at Proc::Pid_File.

[reply]
Re: Adding a bit of security to Cache::FileCache
by Nitrox (Chaplain) on Aug 09, 2002 at 15:02 UTC
    My main concern is intentional collisions done by creating a separate script that writes to the same namespace.

    I'm terribly sorry but I also should have mentioned in my original post that this is running on a ActiveState Win32 system.

    -Nitrox

[reply]
      Why would you want to create a separate script that writes to the same namespace?

      Just don't do it, or write to a unique namespace.

      So what's it matter if information gets overwritten (what are you using this for, caching or what)?

      Don't confuse FileCache with a database. It's used for caching/sharing data.

      or use a nice flocking scheme if you can, or even a simple semaphore based solution separate from the FileCache module

      or better yet, why don't you (or we, i'll help) create a Cache::FileCache::FLOCKED which does simple semaphore based flock'ing?

      um, forget that. If you're getting collisions, prevent them. Make your keys sufficiently unique (appending time() works well). Just what exactly are you storing there?

      ____________________________________________________
      ** The Third rule of perl club is a statement of fact: pod is sexy.

[reply]
Re: Adding a bit of security to Cache::FileCache
by Nitrox (Chaplain) on Aug 10, 2002 at 14:21 UTC
    I'm not concerned with my scripts writing to the same namespace, it's more of a concern of a not-so-ethical user creating a script to write to the shared namespace.

    I'm fully aware of the usage of FileCache, I'm using it to share data between two separate processes. I have one 'always-running' process that reads,resets,and acts upon "flags" created by separate 'short-running' scripts.

    -Nitrox

[reply]

      Nitrox:

      I'm liking this thread, and it was interesting to hear why you are using File::Cache. Just a couple of things:

      1. Create a group for your 'short running scripts' and long running daemon to be a part of (this is probably possible in Win32 :).) Have the File::Cache write it's hierarchy to a place where only people in the group can read/write.
      2. Use a key, and encrypt the cache values. If you don't care if people can read through your keys, then this can add a smidge of integrity. That is, agree on a 'password' for all data being written to the key and then use an symmetric Crypt:: module.

      Hope that's helpful...Good luck!

      By the way, did you notice that on the File::Cache actually recomends using Cache::Cache instead? Hm...

      Kurt

[reply]
      umask sounds like the way to go. Just make sure your process runs under an account others can't login to.
[reply]

Back to Seekers of Perl Wisdom