This is very close to what pjf and I were talking about. If we were to talk about some sort of implementation from the programmer's side of things, you might do something like this:
    #!/usr/bin/perl -wTR
    use strict;
    use CGI;
    use DBI;

    restrict DBPassword, DB;

    my DBPassword $passwd = "abcdef";
    my DB $dbh = DBI->connect("DBI:mysql:something", "someone", $passwd);  # ALLOWED

    my $cgi = new CGI;
    print $cgi->header();
    print $passwd;            # NOT ALLOWED, program terminates
    print STDERR $passwd;     # NOT ALLOWED, program terminates

    open(FILE, "> somefile") or die "Failed to open: $!";
    print FILE $passwd;       # NOT ALLOWED, program terminates

    restrict CreditCard, CreditCardGateway;

    my CreditCard $credit_card = $cgi->param("credit_card");
    my CreditCard $expiry      = $cgi->param("expiry");

    my $foo = "$credit_card $expiry";   # Foo is now CreditCard type too.

    print $foo;               # NOT ALLOWED, program terminates
    print STDERR $foo;        # NOT ALLOWED, program terminates
    print FILE $foo;          # NOT ALLOWED, program terminates

    my CreditCardGateway $gateway;
    open ($gateway, "| cc_card_gateway") or die "failed to open gateway: $!";
    print $gateway $foo;          # ALLOWED
    print $gateway $credit_card;  # ALLOWED
    print $gateway $expiry;       # ALLOWED

    $foo++;   # Still of CreditCard type...
We'd probably also want a way to allow cleaning of these variables so they could be printed to files, or sent as email etc. Perhaps something like this:
    restrict CreditCard, CreditCardGateway;
    filter CreditCard, \&clean_credit_card;

    my CreditCard $credit_card = $cgi->param("credit_card");
    print $credit_card;           # ALLOWED (filters card)

    my CreditCardGateway $gateway;
    open ($gateway, "| cc_card_gateway") or die "failed to open gateway: $!";
    print $gateway $credit_card;  # ALLOWED (prints full details)

    # very very naive cleaning function
    sub clean_credit_card {
        my ($restricted) = @_;
        $restricted =~ s/\d{12}/'.' x 12/e;   # replace 12 digits with dots
        return $restricted;
    }
By providing a filter function we should be able to send this data on any output. Outputs which are of the correct type get the full data and everything else gets the filtered data. The absence of a nominated filter ensures that the output can ONLY be sent to correct outputs.

What this gives us is the ability to specifically choose where our data can go. We still have to make sure that we correctly filter stuff (just like we shouldn't use the regexp /(.*)/ in taint checking) but it helps us be just that little bit more sure that we're not going to make stupid mistakes and send out private data to the wrong person/process.

So, does anyone other than pjf and I think this would be worthwhile?

Update: changed the title
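The restrict/filter idea above can be prototyped in plain Perl today with overloaded stringification, which is where data actually leaves a program (print, interpolation). This is an added example, not code from the post or from pjf's proposal; the package name Restricted, the send_to/filter helpers and the label names are assumptions standing in for the proposed syntax.

```perl
use strict;
use warnings;
use Scalar::Util qw(blessed);

# Restricted: a value labelled with the one output that may see it raw.
package Restricted;
use overload '""' => \&_stringify, '.' => \&_concat, fallback => 1;

my  %FILTER;        # label => code ref producing the redacted form
our $UNLOCKED = ''; # label whose raw value the current output may see

sub new    { my ($class, $label, $value) = @_; bless { label => $label, value => $value }, $class }
sub filter { my ($label, $code) = @_; $FILTER{$label} = $code }

# Stringification is the choke point: raw for the approved sink, filtered
# copy if a filter was nominated, otherwise the program dies.
sub _stringify {
    my ($self) = @_;
    my $label = $self->{label};
    return $self->{value} if $UNLOCKED eq $label;
    return $FILTER{$label}->($self->{value}) if $FILTER{$label};
    die "restricted '$label' value written to a non-approved output\n";
}

# Joining a restricted value with anything keeps the restriction.
sub _concat {
    my ($self, $other, $swapped) = @_;
    my $raw = (blessed($other) && $other->isa('Restricted') && $other->{label} eq $self->{label})
            ? $other->{value} : "$other";
    my $joined = $swapped ? $raw . $self->{value} : $self->{value} . $raw;
    return Restricted->new($self->{label}, $joined);
}

# The only way to emit the raw value: name the label of the approved sink.
sub send_to {
    my ($label, $fh, @values) = @_;
    local $UNLOCKED = $label;
    print {$fh} @values;
}

package main;
# Constructed sample values; the filter keeps only the last four digits.
Restricted::filter('CreditCard', sub { (my $v = shift) =~ s/\d(?=\d{4})/./g; $v });
my $card   = Restricted->new('CreditCard', '4111111111111111');
my $passwd = Restricted->new('DBPassword', 'abcdef');      # no filter nominated

my $line = "$card 12/27";                   # interpolation yields another Restricted value
print "$line\n";                            # redacted: ............1111 12/27
Restricted::send_to('CreditCard', \*STDOUT, "$line\n");   # raw, as the gateway handle would get it
eval { print $passwd };                     # dies: no filter, and STDOUT is not the DB sink
print "blocked: $@" if $@;
```

Numeric use of such a value (the `$foo++` case) falls through to stringification here, so it is blocked or filtered rather than silently stripped of its label.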


In reply to 'Restricted' data, a clarification by jarich
in thread 'Restricted' data, an additional security mechanism for Perl by pjf
