Home > Archive > PERL CGI Beginners > March 2005 > precompile decryption?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
precompile decryption?
|
|
| Shaun Fryer 2005-03-24, 8:55 am |
| I wondering if anyone has experience with writing a preparser.
I've been tossing around the idea of writing a preparser that
will decrypt a perl script using PGP, then execute the code.
If anyone knows whether this is feasible, I'd appreciate a
pointer to some relevant docs.
--
=====================
Shaun Fryer
=====================
http://sourcery.ca/
ph: 416-544-9461
=====================
| |
| Zentara 2005-03-24, 3:55 pm |
| On Wed, 23 Mar 2005 11:51:06 -0500, sfryer@sourcery.ca (Shaun Fryer)
wrote:
>I wondering if anyone has experience with writing a preparser.
>I've been tossing around the idea of writing a preparser that
>will decrypt a perl script using PGP, then execute the code.
>If anyone knows whether this is feasible, I'd appreciate a
>pointer to some relevant docs.
It's been done, but maybe you have better ideas.
http://search.cpan.org/~shay/Filter...ilter/Crypto.pm
--
I'm not really a human, but I play one on earth.
http://zentara.net/japh.html
| |
| Andrew Wansink 2005-03-25, 8:55 am |
| On Wed, 23 Mar 2005 11:51:06 -0500, Shaun Fryer wrote:
> I wondering if anyone has experience with writing a preparser.
> I've been tossing around the idea of writing a preparser that
> will decrypt a perl script using PGP, then execute the code.
> If anyone knows whether this is feasible, I'd appreciate a
> pointer to some relevant docs.
>
Whatever code you want to run must include the decryption
key in order for it to then be decrypted and loaded into the perl
interpreter for execution.
If security by obscurity is good enough for you then go ahead
but don't think this approach provides any real code security.
andy
> --
> =====================
> Shaun Fryer
> =====================
> http://sourcery.ca/
> ph: 416-544-9461
> =====================
| |
| Shaun Fryer 2005-03-25, 3:55 pm |
| > Whatever code you want to run must include the decryption
> key in order for it to then be decrypted and loaded into the perl
> interpreter for execution.
>
> If security by obscurity is good enough for you then go ahead
> but don't think this approach provides any real code security.
The code itself needn't contain the key. However it can be made
available in various ways to those who wish to execute it. I have a
decent familiarity with the concepts of encryption and data/computer
security. Just tossing around some ideas for different approaches
to it. It may or may not result in anything useful, but it's an
interesting area for experimentation nonetheless. The purpose isn't
to obscure the code from those who will be hosting it, but rather to
make life difficult for anyone who manages to exploit the webserver,
etc. In most cases to do with security, there is no 100% secure
anything. It's almost always a trade off. The biggest question is
how well it would scale in a production environment. I'm thinking
it wouldn't, but I'd like to try it out anyway.
PS. Thanks to everyone who's answered so far. I'll be following up
on your suggestions at the first available opportunity.
-Shaun Fryer
--
"Art begins with craft, and there is
no art until craft has been mastered.
You can't create until you're willing
to subordinate the creative impulses
to the constriction of a form."
- Anthony Burgess
|
|
|
|
|