in reply to Re: Binary config file suggestions
in thread Binary config file suggestions

Fletch,
I am not sure how that helps. I think it "fails" for the same reason Storable fails. If the "bad guys" have the ability to see the perl to know it is a storable file in the first place, then they would know how to reverse the process. This is all hand wavy since I don't think we are getting the whole story.

Assuming that the "bad guys" have the ability to read the perl script but not execute it, then I would suggest using AES encryption and storing the key in a file that can be read by the process executing the perl script but not by the "bad guy". Again, very hand wavy.

Cheers - L~R

Replies are listed 'Best First'.
Re^3: Binary config file suggestions
by Fletch (Bishop) on Mar 12, 2009 at 17:44 UTC

    He's not looking to keep out bad guys (at least that's how I took the "Basically I'm just trying to keep the honest people honest :)" comment), but just trying to obfuscate things to prevent overeager-but-authorized users from monkeying with the shiny bits inside. Gzip'ing it and removing the magic puts an admittedly tiny speed bump in front of them.

    At least that's how I read it; he's not looking for a safe, he's looking for a way to keep the too-smart-for-their-own-good from taking a blunt object to the engine of their own car. But if it were a case of guarding against black hats then yes sound proven crypto (AES, Blowfish, yadda yadda) certainly would be the way to go.

    Update: Tweaked second para's first sentence.

    The cake is a lie.
    The cake is a lie.
    The cake is a lie.

[reply]
      Fletch,
      I am still confused. Perhaps it is because I have never attempted to modify a Storable file with vi. I, perhaps incorrectly, assumed that the issue was that the "bad guy" (yes, I intentionally quoted it because I realize what we are talking about) could see that it was a Storable file and then manipulate it (using perl). If that's the case, then compressing it gives no advantage because they could just uncompress it (using perl).

      Cheers - L~R

[reply]

        What I'm reading is that the OP's worried that if it's obviously a Storable file not that they can modify it using vi but that they can (trivially) retrieve, diddle the contents, and restore. Compressing it and removing the gzip magic means they can't just blindly gunzip it, not to mention that file(1) probably won't correctly identify the file contents.

        Again, it's not intended to be a fool-proof mechanism but another layer of (again trivial, minor, laughable) obfuscation. I'm presuming they're just trying to make the config file slightly more opaque than vanilla Storable blob to discourage random tinkering as a shortcut (e.g. "This is just a quick tweak . . . ah, file fooble.cfg says it's perl Storable(v0.7) data. *clickety* perl -MStorable -le '...' *wham wham* Oops." versus "Hrmm, file fooble.cfg just says data; guess I'd better just crank up fooble_configurator.").

        That being said, the entire exercise is pretty silly and they'd probably be just as well off with explicit policy and threats of bodily harm (viz. "You can get more with a kind word and a two-by-four than you can with just a kind word." :)

        The cake is a lie.
        The cake is a lie.
        The cake is a lie.

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom