Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
encrypting a perl .pm module
- Thread starter joegas
- Start date
Joe,
The modules will have to be ready to fly when called. What sort of luck have you had thus far.
Why the need for CBC encryption, a bit OTT no?
If the scripts are on a server, the source will be visible at some stage one would have thought, or at least the Means Motive and Opprtunity would present themselves
--Paul
The modules will have to be ready to fly when called. What sort of luck have you had thus far.
Why the need for CBC encryption, a bit OTT no?
If the scripts are on a server, the source will be visible at some stage one would have thought, or at least the Means Motive and Opprtunity would present themselves
--Paul
- Thread starter
- #3
I've had no luck encrypting the mods so far. I've been trying to use Filter::CBC with no luck.
visable at some point is not a worry, however I'm trying to avoid writing it to disk (though swap is ok).
CBC is just the method of filtering the file, I'm using Blowfish to encrypt the file, and the password supplied at login is the key.
I'm not sure what OTT is.
This is the method I was asked to look into. I need to make it work or prove that it will not work before I will be able to do it the right way. Just the nature of the beast.
thanks
Joe
visable at some point is not a worry, however I'm trying to avoid writing it to disk (though swap is ok).
CBC is just the method of filtering the file, I'm using Blowfish to encrypt the file, and the password supplied at login is the key.
I'm not sure what OTT is.
This is the method I was asked to look into. I need to make it work or prove that it will not work before I will be able to do it the right way. Just the nature of the beast.
thanks
Joe
OTT - over the top
I've used Blowfish, and tried to use CBC, but ran into some diffs, about three years now... can't remember the issue. But the BF scripts are still working though not for CC info anymore
- there's dough in converting bad code
If speed is going to be an issue, I'd be looking for the quickest way to get it to swap (How that's not going to hit the disk is a bit beyond me). Blowfish is one overhead, and then to take the previous eight bytes as a seed to the next eight bytes, that's two much like hard work for not enough return IMHO.
It might be an idea to use some compiled C code to handle some of the sensitive CGI operations.
There's PAR and perl2exe, but they're both going to leave enough to decompile
Can you be as vague as possible without giving anything anyway as to the type of application, nature of deployment, etc, etc
I'd hazard a guess at an e-commerce app, but the hand-off to the back office systems should leave more than enough room for data obfuscation to give any wouldbe prowler homework fo rthe next n years
--Paul
I've used Blowfish, and tried to use CBC, but ran into some diffs, about three years now... can't remember the issue. But the BF scripts are still working though not for CC info anymore
- there's dough in converting bad codeIf speed is going to be an issue, I'd be looking for the quickest way to get it to swap (How that's not going to hit the disk is a bit beyond me). Blowfish is one overhead, and then to take the previous eight bytes as a seed to the next eight bytes, that's two much like hard work for not enough return IMHO.
It might be an idea to use some compiled C code to handle some of the sensitive CGI operations.
There's PAR and perl2exe, but they're both going to leave enough to decompile
Can you be as vague as possible without giving anything anyway as to the type of application, nature of deployment, etc, etc
I'd hazard a guess at an e-commerce app, but the hand-off to the back office systems should leave more than enough room for data obfuscation to give any wouldbe prowler homework fo rthe next n years
--Paul
- Thread starter
- #5
no its not cgi, though I really cant talk much about what the code is for. And I know how insecure it is, but this is what the customer is asking for... they want me to give them a huge pad lock on a 3 foot fence when what they really need is a bigger fence.
speed isnt an issue, the parts of the code I'm trying to hide are small and not used often. Though if I could prove it was slow ENOUGH maybe I could get them to forget it? hmmm....
type of app and deployment really shouldnt make a difference. its just perl and Tk, and the data I need to hide exists in a .pm file.
I spent an hour and a half this morning telling my next in line how stupid this is, how many dead ends and brick walls I've hit on the way and he still wants me to try more.
I'd welcome other ideas AFTER I get this to work or prove that it will not work. trust me I've already suggested 10 other ideas (literaly) that are 100 times better.
I set one up in 10 min, and it did more then he asked for and did it quicker, and yet he still wants me to waste more man hours.
-Joe
speed isnt an issue, the parts of the code I'm trying to hide are small and not used often. Though if I could prove it was slow ENOUGH maybe I could get them to forget it? hmmm....
type of app and deployment really shouldnt make a difference. its just perl and Tk, and the data I need to hide exists in a .pm file.
I spent an hour and a half this morning telling my next in line how stupid this is, how many dead ends and brick walls I've hit on the way and he still wants me to try more.
I'd welcome other ideas AFTER I get this to work or prove that it will not work. trust me I've already suggested 10 other ideas (literaly) that are 100 times better.
I set one up in 10 min, and it did more then he asked for and did it quicker, and yet he still wants me to waste more man hours.
-Joe
- Status