I don't know about better, but perhaps different.

First, you have to acknowledge security comes with a cost, whether it is less maintainable code, or speed or pick some other poison.

Oftentimes we write things to help us maintain systems, servers... whatever. But I have found myself recently writing scripts to maintain my scripts. If that sounds a bit weird, it may be. For example, a different approach to your above example would be to put your hash info into a database or flatfile - whatever that can have differing permissions.

Using MySQL as an example, you can have one user - let's call this user script - have read-only permissions on your configuration database table. If someone can see your source, they can find a way to read from the database (same as seeing your hash). You sacrifice a bit of speed making that call to the database - perhaps a lot of speed in some cases.

However, you can then in turn write another script, using a different user, let's call this user ovid, who has write permissions. This script can check to see if the directories exist, if not create them, set up proper permissions, and put the proper information into the database.

So, if you need to add something to your *script*, you simply run the *ovid* which sets things up for you.

Costs: original setup *may* be longer, speed *may* be slower
Gains: security is tight, script has a predictable and maintainable method.

Not better, but perhaps different enough.

EEjack


In reply to Re: Orthogonal Code and Security by eejack
in thread Orthogonal Code and Security by Ovid
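
The two-account split described in the post above, as an added example that is not part of the original post or thread. The account names `script` and `ovid` come from the post; the database `appconf`, the table `script_config`, its columns, the sample row, and the placeholder passwords are assumptions made for illustration.

```sql
-- Added example: MySQL grants for a read-only runtime account and a
-- separate maintenance account. Schema and passwords are placeholders.

CREATE DATABASE IF NOT EXISTS appconf;

-- One row per configuration entry that used to live in the script's hash.
CREATE TABLE IF NOT EXISTS appconf.script_config (
    name  VARCHAR(64)  NOT NULL PRIMARY KEY,
    value VARCHAR(255) NOT NULL
);

-- Runtime account: the credentials that sit beside the exposed script.
CREATE USER 'script'@'localhost' IDENTIFIED BY 'REPLACE_WITH_SCRIPT_PASSWORD';

-- Maintenance account: used only by the separate setup script.
CREATE USER 'ovid'@'localhost' IDENTIFIED BY 'REPLACE_WITH_OVID_PASSWORD';

-- Table-level grants only; neither account gets access to anything
-- else on the server.
GRANT SELECT ON appconf.script_config TO 'script'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE
    ON appconf.script_config TO 'ovid'@'localhost';

-- Check: 'script' should list USAGE plus SELECT on this one table.
SHOW GRANTS FOR 'script'@'localhost';
SHOW GRANTS FOR 'ovid'@'localhost';

-- Connected as 'ovid', the setup script records a new entry
-- (constructed sample row):
INSERT INTO appconf.script_config (name, value)
VALUES ('upload_dir', '/var/data/uploads');

-- Connected as 'script', reads succeed:
SELECT value FROM appconf.script_config WHERE name = 'upload_dir';

-- Connected as 'script', the same INSERT is refused by the server with
-- an "INSERT command denied" error, so leaked runtime credentials allow
-- reading the configuration but not changing it.
```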
