[英]How to encrypt config file in a Perl Dancer application?
I have some sensitive information (my database username/password and cookie encryption key) in my config file for my Dancer application that I would rather not be shown as plain text in case someone does gain access to it. 在我的Dancer应用程序的配置文件中,我有一些敏感信息(我的数据库用户名/密码和cookie加密密钥),如果有人获得访问权限,我宁愿不将其显示为纯文本。 What's the best way to encrypt the file so it's not just text?
加密文件而不只是文本的最佳方法是什么? Or is there a more secure approach that makes more sense than encryption (like restricting file permissions)?
还是有一种比加密更有意义的安全方法(例如限制文件权限)?
Because you can't encrypt the config, as in the comment above says @ThisSuitIsBlackNot, but sometmes is good to hide passwords (eg hide the passowrds form some co-workers who doesn't knows perl - but has access to config files) 因为您无法加密配置,如上面的评论中的 @ThisSuitIsBlackNot所述,但是sometmes可以很好地隐藏密码(例如,隐藏一些不了解perl但可以访问配置文件的同事的passowrds)
I'm using an combination of 我正在结合使用
In my config files are passwords in encrypted form, and looks like as instructions for configuration. 在我的配置文件中,密码是加密形式的, 看起来像是配置说明。 If someone grabs/reads only the config file - get nothing usable.
如果有人仅抓取/读取配置文件-则无法使用。
Usually I'm using something like the next: 通常我使用类似下一个的东西:
db.password: enter some safe password here such De4w.Quafy3yq
and in the code i exracting the "De4w.Quafy3yq" part and using rot13
or crypt
etc... get the real passwd: "Qr4j.Dhnsl3ld". 并在代码中我提取了“ De4w.Quafy3yq”部分,并使用
rot13
或crypt
等...得到了真实的密码:“ Qr4j.Dhnsl3ld”。 Or using the mh5 hash of a string as a password, or similar - simple algorithms. 或者使用字符串的mh5哈希作为密码或类似的简单算法。
It is simple, and effective against non-programmers - of course, isn't helps when someone knows perl and grabs the code too. 它很简单,并且对非程序员有效-当然,当有人知道perl并获取代码时,它也无济于事。
Because seems (downvotes) than here are still some people who didn't understand what this mean, THIS ISN'T ANY REAL SECURITY . 因为似乎(不赞成投票)这里的某些人仍然不理解这意味着什么,所以这不是任何真正的安全措施 。 It is an nice (funny) method (of course unsecure - read again, it isn't mean any real security) how to hide the password form coworkers, who didn't knows perl.
这是一个很好的(有趣的)方法(当然是不安全的-再读一遍,这并不意味着任何真正的安全性)如何隐藏不知道perl的同事的密码。 DON'T USE IT for any real password protection.
请勿将其用于任何真实的密码保护。 OMG...
我的天啊...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.