简体   繁体   中英

How to encrypt config file in a Perl Dancer application?

I have some sensitive information (my database username/password and cookie encryption key) in my config file for my Dancer application that I would rather not be shown as plain text in case someone does gain access to it. What's the best way to encrypt the file so it's not just text? Or is there a more secure approach that makes more sense than encryption (like restricting file permissions)?

Because you can't encrypt the config, as in the comment above says @ThisSuitIsBlackNot, but sometmes is good to hide passwords (eg hide the passowrds form some co-workers who doesn't knows perl - but has access to config files)

I'm using an combination of

  • security by obscurity
  • and fooling

In my config files are passwords in encrypted form, and looks like as instructions for configuration. If someone grabs/reads only the config file - get nothing usable.

Usually I'm using something like the next:

db.password: enter some safe password here such De4w.Quafy3yq

and in the code i exracting the "De4w.Quafy3yq" part and using rot13 or crypt etc... get the real passwd: "Qr4j.Dhnsl3ld". Or using the mh5 hash of a string as a password, or similar - simple algorithms.

It is simple, and effective against non-programmers - of course, isn't helps when someone knows perl and grabs the code too.

EDIT

Because seems (downvotes) than here are still some people who didn't understand what this mean, THIS ISN'T ANY REAL SECURITY . It is an nice (funny) method (of course unsecure - read again, it isn't mean any real security) how to hide the password form coworkers, who didn't knows perl. DON'T USE IT for any real password protection. OMG...

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM