Re: How to tell if something is encrypted

You can do something a bit like the way passwords are stored in LDAP servers - write out the parameter as <input type="hidden" name="foo" value="{blowfish}As92Kd..">. Then, just check $val with a regex...

my $string = "Hello";
if ($enc) {
   print '{blowfish}', encrypt_string ($string);
} else {
   print "{unencrypted}$string";
}
....
my $val = $q->param ('foo');
my $actual_val;
if ($val =~ /^{([a-z]+)}(.*)$/) {
   if ($1 eq 'blowfish') {
      $actual_val = decrypt ($2);
   } else {
      $actual_val = $2;
} else {
   $actual_val = $val;   # didn't match - old-style param?
}
[download]

That way, you should be able to re-write the bits you need to take encryption, without breaking the old-style way of doing things, unless {something} appears in your params :)

Comment on Re: How to tell if something is encrypted Select or Download Code

Replies are listed 'Best First'.
Re: Re: How to tell if something is encrypted by Sifmole (Chaplain) on Apr 18, 2001 at 20:41 UTC
This is almost exactly the idea that I have been playing with. I was however hoping for a method that would avoid picking an "arbitrary" string. I too believe that, given a sufficiently "weird" string, this method is unlikely to cause a false positive on the encryption question. As a note: I actually have written an extension to CGI.pm to make the param() method perform the decryption where appropriate. That means the coders do not have to alter anything to decrypt() the information. Thank you all for your suggestions.	[reply]

Replies are listed 'Best First'.

Re: Re: How to tell if something is encrypted
by Sifmole (Chaplain) on Apr 18, 2001 at 20:41 UTC

As a note: I actually have written an extension to CGI.pm to make the param() method perform the decryption where appropriate. That means the coders do not have to alter anything to decrypt() the information.

Thank you all for your suggestions.

[reply]