Brovnik has asked for the wisdom of the Perl Monks concerning the following question:

I am writing a module to store and retrieve multiple passwords and want to make sure that the module is as secure as possible in terms of users of the module not being able to access any of the module variables.

I have tried 2 approaches, and both work (i.e. I haven't been able to break them), but I'd like any comments on whether one is "more secure" than the other.

Method 1 - enclose package in a scope

    {   # Hide everything
        package Crypt::Password;
        our @EXPORT_OK = qw(public_func);
        my $secret_var1 = 0;
        my $secret_hash = {};
        sub private_func { }    # body omitted
        sub public_func  { }    # body omitted
    }

Method 2 - store variables in pointer (could be an object);

    package Crypt::Password;
    our @EXPORT_OK = qw(public_func);
    sub private_func { }    # body omitted
    sub public_func {
        my $p;
        $p->{secret_var1} = 0;
        $p->{secret_hash} = {};
        private_func($p);
        # could be bless($p, "Crypt::Password") and then
        # $p->private_func();
    }

The second approach passes a ref to all of the variables as needed, but this can become a pain.

P.S. I'll be posting the code soon. It allows interactive retrieval of passwords from a database. Used for personal storage of e.g. website logins, or can be used by multiple users (e.g. sysadms) to store passwords to multiple hosts.
--
Brovnik

Replies are listed 'Best First'.
Re: Hiding my variables
by Aighearach (Initiate) on Jun 15, 2001 at 15:43 UTC

    You just need to declare the variable as a properly scoped lexical.

        package My::Object;
        use strict;
        use warnings;

        our @EXPORT_OK = qw( public );

        my $_private_string = "Hello";
        my $_private_code   = sub { return $_[0] . " World" };

        sub public {
            return &$_private_code( $_private_string );
        }

        1;
        __END__

    That should give you both private variables and functions, invisible from outside the file. --Paris Sinclair
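
Added example, not part of the thread or of any poster's code: a check of what the scoped-lexical approach (Method 1 in the question, and the reply above) actually hides. It lists everything a package exposes through its symbol table and flags names outside an allow-list; `Demo::Vault`, `exposed_names` and the stored value are hypothetical and constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

{   # Method 1 from the question: the whole package lives inside one block.
    package Demo::Vault;    # hypothetical package name

    our $leaky  = 'package-variable';            # "our": entered in the symbol table
    my  %secret = (web => 'constructed-value');  # "my": nameable only inside this block
    my  $lookup = sub { $secret{ $_[0] } };      # private sub held in a lexical

    sub public_func { return defined $lookup->($_[0]) ? 'found' : 'missing' }
}

# Return every scalar, array, hash and sub the package exposes by name.
sub exposed_names {
    my ($pkg) = @_;
    no strict 'refs';       # symbol-table inspection needs symbolic references
    my @found;
    for my $name (sort keys %{"${pkg}::"}) {
        next if $name =~ /::\z/;                 # nested package, not a variable
        my $full = "${pkg}::$name";
        push @found, "\$$name" if defined ${$full};
        push @found, "\@$name" if *{$full}{ARRAY};
        push @found, "%$name"  if *{$full}{HASH};
        push @found, "&$name"  if defined &{$full};
    }
    return @found;
}

# Allow-list check a module's test suite can run: only the public API may appear.
my %allowed    = map { $_ => 1 } qw(&public_func);
my @exposed    = exposed_names('Demo::Vault');
my @unexpected = grep { !$allowed{$_} } @exposed;

print "exposed by name: @exposed\n";
print "not on the allow-list: @unexpected\n";
print "public_func('web'): ", Demo::Vault::public_func('web'), "\n";
```

The `our` variable is reported and flagged, while the `my` hash and the lexical code reference never appear in the listing.
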
Re: Hiding my variables
by btrott (Parson) on Jun 15, 2001 at 21:17 UTC
    If you *really* want to hide your variables (or rather, your values), you might want to check out Tie::EncryptedHash. It's a tied hash with encrypted values, using a standard symmetric cipher (e.g. Blowfish).

    Sample usage (from the SYNOPSIS):

        use Tie::EncryptedHash;

        tie my %s, Tie::EncryptedHash, 'passwd';

        $s{foo} = "plaintext";      # Normal field, stored in plaintext.
        print $s{foo};              # (plaintext)

        $s{_bar} = "signature";     # Fieldnames that begin in single
                                    # underscore are encrypted.
        print $s{_bar};             # (signature) Though, while the password
                                    # is set, they behave like normal fields.
        delete $s{__password};      # Delete password to disable access
                                    # to encrypting fields.
        print $s{_bar};             # (Blowfish NuRVFIr8UCAJu5AWY0w...)

        $s{__password} = 'passwd';  # Restore password to gain access.
        print $s{_bar};             # (signature)

        $s{_baz}{a}{b} = 42;        # Refs are fine, we encrypt them too.

Re: Hiding my variables
by larryk (Friar) on Jun 15, 2001 at 15:41 UTC
    You can make pseudo-private subs with references and my as follows. Pretty much the same as your first case but I think it looks a bit better ;)

        #!perl
        use strict;

        package Whatever;
        my $password = sub { 'passwd_here' };
        sub reveal_pass {
            print "Authorised: ", $password->(), "\n";
        }

        package main;
        Whatever::reveal_pass;
        print "Unauthorised: ";
        print ref $Whatever::password ? $Whatever::password->() : "no access!\n";
        __END__
        Authorised: passwd_here
        Unauthorised: no access!

    "Argument is futile - you will be ignorralated!"