in reply to Re: Re: 'Restricted' data, an additional security mechanism for Perl.
in thread 'Restricted' data, an additional security mechanism for Perl.

With my original post, I was thinking of the situation where you read a password from the user, check it in a database, and then get rid of it. Having it automatically self-destruct could be handy. Abigail pointed out that this is probably useful in far fewer situations than I thought it might be.

Also, it could force you to rely on the implementation of certain functions. For instance, your password-checker sub's first implementation might only need to fetch the password once, but a later implementation fetches it twice. Now you have to increment your self-destruct parameter in a place that might be very distant from the password checker sub.

In any case, it was just a brainstorm. A thought placed Out There without any initial prejudice.

----
: () { :|:& };:

Note: All code is untested, unless otherwise stated
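
Added illustration of the coupling described in the post above; it is not the poster's code and not part of the original thread. It assumes the self-destructing value is built with Perl's `tie`; the names `SelfDestruct`, `check_v1` and `check_v2` are hypothetical and the password is a constructed sample.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical tied scalar: readable a fixed number of times, then gone.
package SelfDestruct;

sub TIESCALAR {
    my ($class, $value, $reads) = @_;
    return bless { value => $value, left => $reads }, $class;
}

sub FETCH {
    my ($self) = @_;
    die "restricted value already destroyed\n" if $self->{left} <= 0;
    my $copy = $self->{value};
    if (--$self->{left} == 0) {
        # Best-effort scrub; copies already handed to callers are untouched.
        $self->{value} = "\0" x length $self->{value};
        delete $self->{value};
    }
    return $copy;
}

sub STORE { die "restricted value is read-only\n" }

package main;

my $stored = 'constructed-sample-password';    # constructed sample value

# First implementation: one read of the restricted value.
sub check_v1 { my ($pw_ref) = @_; return $$pw_ref eq $stored }

# Later implementation: a length check adds a second read.
sub check_v2 {
    my ($pw_ref) = @_;
    return 0 if length($$pw_ref) < 8;    # read 1
    return $$pw_ref eq $stored;          # read 2
}

# The read budget (1) is set here, far from the checker's body.
tie my $pw1, 'SelfDestruct', 'constructed-sample-password', 1;
print "v1: ", (check_v1(\$pw1) ? "match" : "no match"), "\n";

tie my $pw2, 'SelfDestruct', 'constructed-sample-password', 1;
my $ok = eval { check_v2(\$pw2) };
print "v2: ", (defined $ok ? ($ok ? "match" : "no match") : "died: $@");
```

The same caller-side budget that suits `check_v1` makes `check_v2` die on its second read, even though the caller did not change.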

Re: Re: Re: Re: 'Restricted' data, an additional security mechanism for Perl.
by exussum0 (Vicar) on Feb 09, 2004 at 22:21 UTC
    I'm dealing with the same exact situation you are right now. I store it in the app after it's been verified in one-way encrypted form. Worse for worse, I am weak against replay attacks, but at the same time, his password is a little safer, since only the encrypted form of the key is known, not the original. At least then, if the system is compromised, the black-hat won't try the password in other places, (bank, school, personal stuff.. etc)

    Play that funky music white boy..