
How to encrypt config file in a Perl Dancer application?

I have some sensitive information (my database username/password and cookie encryption key) in my config file for my Dancer application that I would rather not be shown as plain text in case someone does gain access to it. What's the best way to encrypt the file so it's not just text? Or is there a more secure approach that makes more sense than encryption (like restricting file permissions)?

Because you can't encrypt the config, as @ThisSuitIsBlackNot says in the comment above, but sometimes it is good to hide passwords (e.g. hide the passwords from some co-workers who don't know Perl but have access to config files)

I'm using a combination of

  • security by obscurity
  • and fooling

In my config files the passwords are in encrypted form, and look like instructions for configuration. If someone grabs/reads only the config file, they get nothing usable.

Usually I'm using something like the following:

db.password: enter some safe password here such De4w.Quafy3yq

and in the code I'm extracting the "De4w.Quafy3yq" part and, using rot13 or crypt etc..., get the real passwd: "Qr4j.Dhnsl3ld". Or using the MD5 hash of a string as a password, or similar simple algorithms.

It is simple, and effective against non-programmers - of course, it doesn't help when someone knows Perl and grabs the code too.

EDIT

Because it seems (downvotes) that there are still some people here who didn't understand what this means, THIS ISN'T ANY REAL SECURITY. It is a nice (funny) method (of course insecure - read again, it doesn't mean any real security) to hide the password from coworkers who don't know Perl. DON'T USE IT for any real password protection. OMG...
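The rot13 scheme described in the answer above, next to the file-permission restriction raised in the question, as an added example that is not part of the original posts. The helper names `reveal_password` and `is_owner_only` and the temporary config file are assumptions made for illustration, and a POSIX file system is assumed.

```perl
#!/usr/bin/env perl
# Added example: the answer's rot13 "hidden" password next to the
# file-permission check the question asks about. Sample data is constructed.
use strict;
use warnings;
use File::Temp qw(tempfile);

# Decode the obfuscated value the way the answer describes: take the last
# word of the config line and rot13 it. No key is involved, so anyone who
# knows the convention can do the same.
sub reveal_password {
    my ($line) = @_;
    my ($token) = $line =~ /(\S+)\s*$/ or return;
    (my $plain = $token) =~ tr/A-Za-z/N-ZA-Mn-za-m/;
    return $plain;
}

# True when only the owner can read or write the file (no group/other bits).
sub is_owner_only {
    my ($path) = @_;
    my @st = stat($path) or die "stat $path: $!";
    return ( $st[2] & 0077 ) == 0;
}

# Constructed config file holding the line from the answer.
my ( $fh, $path ) = tempfile( UNLINK => 1 );
print {$fh} "db.password: enter some safe password here such De4w.Quafy3yq\n";
close $fh;

chmod 0644, $path or die "chmod: $!";
printf "mode 0644 owner-only? %s\n", is_owner_only($path) ? "yes" : "no";

chmod 0600, $path or die "chmod: $!";
printf "mode 0600 owner-only? %s\n", is_owner_only($path) ? "yes" : "no";

# Reading the value back needs nothing but the convention itself.
open my $in, '<', $path or die "open $path: $!";
chomp( my $line = <$in> );
close $in;
printf "recovered password: %s\n", reveal_password($line);
```

The mode check depends on the operating system enforcing access to the file, while the rot13 step depends only on the reader not knowing the convention.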
