in reply to Re^2: Binary config file suggestions
in thread Binary config file suggestions

He's not looking to keep out bad guys (at least that's how I took the "Basically I'm just trying to keep the honest people honest :)" comment), but just trying to obfuscate things to prevent overeager-but-authorized users from monkeying with the shiny bits inside. Gzip'ing it and removing the magic puts an admittedly tiny speed bump in front of them.

At least that's how I read it; he's not looking for a safe, he's looking for a way to keep the too-smart-for-their-own-good from taking a blunt object to the engine of their own car. But if it were a case of guarding against black hats, then yes, sound proven crypto (AES, Blowfish, yadda yadda) certainly would be the way to go.

Update: Tweaked second para's first sentence.

The cake is a lie.
The cake is a lie.
The cake is a lie.

Re^4: Binary config file suggestions
by Limbic~Region (Chancellor) on Mar 12, 2009 at 20:25 UTC
    Fletch,
    I am still confused. Perhaps it is because I have never attempted to modify a Storable file with vi. I, perhaps incorrectly, assumed that the issue was that the "bad guy" (yes, I intentionally quoted it because I realize what we are talking about) could see that it was a Storable file and then manipulate it (using perl). If that's the case, then compressing it gives no advantage because they could just uncompress it (using perl).

    Cheers - L~R

      What I'm reading is that the OP's worried that if it's obviously a Storable file, not that they can modify it using vi, but that they can (trivially) retrieve, diddle the contents, and restore. Compressing it and removing the gzip magic means they can't just blindly gunzip it, not to mention that file(1) probably won't correctly identify the file contents.

      Again, it's not intended to be a fool-proof mechanism but another layer of (again trivial, minor, laughable) obfuscation. I'm presuming they're just trying to make the config file slightly more opaque than a vanilla Storable blob to discourage random tinkering as a shortcut (e.g. "This is just a quick tweak . . . ah, file fooble.cfg says it's perl Storable(v0.7) data. *clickety* perl -MStorable -le '...' *wham wham* Oops." versus "Hrmm, file fooble.cfg just says data; guess I'd better just crank up fooble_configurator.").

      That being said, the entire exercise is pretty silly and they'd probably be just as well off with explicit policy and threats of bodily harm (viz. "You can get more with a kind word and a two-by-four than you can with just a kind word." :)

      The cake is a lie.
      The cake is a lie.
      The cake is a lie.

        Fletch,
        *shrug*

        In my experience, anyone I have seen that has the expertise to do the fiddling with Storable that you are indicating has the expertise to handle the compression handicapping. In fact, the skill level is such that I would expect that they would in fact know what they were doing if they were tweaking the config in the first place - which gets me back to the point I made previously - I don't think we are hearing the whole story. But again, *shrug*, it doesn't really matter to me.

        Cheers - L~R
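
The scheme discussed in this thread (Storable data, gzipped, with the gzip magic removed), written out as an added example; it is not code from any poster, and the config keys and temp-file handling are assumptions. It shows that reading the file back needs only the two ID bytes restored, which is why this is obfuscation and not protection.

```perl
#!/usr/bin/perl
# Added example: the "gzip it and drop the magic" scheme from the thread.
use strict;
use warnings;
use Storable qw(nfreeze thaw);
use IO::Compress::Gzip qw(gzip $GzipError);
use IO::Uncompress::Gunzip qw(gunzip $GunzipError);
use File::Temp qw(tempfile);

my $GZIP_MAGIC = "\x1f\x8b";    # the two ID bytes that open every gzip member

# Serialize, compress, then cut off the ID bytes so the file no longer
# starts with a gzip signature.
sub pack_config {
    my ($config) = @_;
    my $frozen = nfreeze($config);
    my $gz;
    gzip(\$frozen => \$gz) or die "gzip failed: $GzipError";
    substr($gz, 0, 2) eq $GZIP_MAGIC or die "unexpected gzip header";
    return substr($gz, 2);
}

# Reverse: put the two bytes back, decompress, deserialize.
# Storable's own documentation warns against thawing untrusted data;
# this obfuscation does nothing to change that.
sub unpack_config {
    my ($blob) = @_;
    my $gz = $GZIP_MAGIC . $blob;
    my $frozen;
    gunzip(\$gz => \$frozen) or die "gunzip failed: $GunzipError";
    return thaw($frozen);
}

# Constructed sample config (hypothetical keys), written to a temp file.
my %config = (max_workers => 4, log_level => 'info', features => [qw(a b)]);
my ($fh, $path) = tempfile(UNLINK => 1);
binmode $fh;
print {$fh} pack_config(\%config);
close $fh or die "close failed: $!";

open my $in, '<:raw', $path or die "open failed: $!";
my $blob = do { local $/; <$in> };
close $in;

printf "first bytes on disk: %s\n", unpack('H4', $blob);
my $restored = unpack_config($blob);
print "round trip ok\n" if $restored->{max_workers} == 4
    && $restored->{features}[1] eq 'b';
```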