I am writing a module to store and retrieve multiple passwords and want to make sure that the module is as secure as possible in terms of users of the module not being able to access any of the module variables.

I have tried 2 approaches, and both work (i.e. I haven't been able to break them) , but I'd like any comments on whether one is "more secure" than the other.

Method 1 - enclose package in a scope 

{ # Hide everything

package Crypt::Password;

our @EXPORT_OK = (public_func);

my $secret_var1 = 0;
my $secret_hash = ();

sub private_func ()

sub public_func ()
}

[download]

Method 2 - store variables in pointer (could be an object); 

package Crypt::Password;

our @EXPORT_OK = (public_func);
sub private_func ()

sub public_func (

   my $p;
      $p->{secret_var1} = 0;
      $p->{secret_hash) = ();
   private_func($p);
# could be bless ($p,"Crypt::Password") and then
#          $p->private_func();
)

[download]
The second approach passes a ref to all of the variables as needed, but this can become a pain.

P.S. I'll be posting the code soon. It allows interactive retrival of passwords from a database. Used for personal storage of e.g. website logins, or can be used by multiple users (e.g. sysadms) to store passwords to multiple hosts.
--
Brovnik

In reply to Hiding my variables by Brovnik

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.