| Newsgroups | perl.perl6.users |
|---|---|
| Date | 2025-05-22 12:57 +1000 |
| Subject | Re: how do I hide a variable from viewing |
| Message-ID | <aC6StJ4TW-HEFATf@raf.org> (permalink) |
| References | <add804bf-4a46-43b3-b2bc-29518a30fcb5@zoho.com> <DM5PR02MB32105D26E4C03C4D1DC7CA6FA09FA@DM5PR02MB3210.namprd02.prod.outlook.com> <eeb63995-9390-44ee-b320-7183f4de7c83@zoho.com> <aC3A8rC1x-SrrfkV@straylight.m.ringlet.net> |
| From | perl6-users@perl.org (raf via perl6-users) |

On Wed, May 21, 2025 at 03:02:58PM +0300, Peter Pentchev <roam@ringlet.net> wrote:
> On Tue, May 20, 2025 at 10:10:06PM -0700, ToddAndMargo via perl6-users wrote:
> > > > *From:* ToddAndMargo via perl6-users <perl6-users@perl.org>
> > > > *Sent:* Tuesday, May 20, 2025 5:29 AM
> > > > *To:* perl6-users <perl6-users@perl.org>
> > > > *Subject:* how do I hide a variable from viewing
> > > > Hi All,
> > > >
> > > > Fedora 41 (Linux)
> > > >
> > > > Since my *.raku can be publicly read, how do I obscure
> > > > the contents of a variable so others cannot read it?
> > > >
> > > > Currently what I have been doing is setting the file's
> > > > ownership to root:root and the attributes to 700 so
> > > > only root can see it.
> > > >
> > > > It would be nice to obscure a variable inside the
> > > > program though.
> >
> > On 5/20/25 4:44 AM, Mark Devine wrote:
> > > Todd,
> > >
> > > I got tired of having clear-text passwords and other sensitive strings
> > > in my raku scripts, so I wrote KHPH for myself for use on Linux/UNIX,
> > > then published it. The idea catches criticism because it isn't
> > > encryption, but rather just a little obfuscation. Sometimes a little
> > > obfuscation is warranted, imo.
> > >
> > > It takes a string, then mangles it into an unrecognizable scrambled
> > > form, stashes it in a file, then can be recalled/unscrambled later.
> > >
> > > https://github.com/markldevine/raku-KHPH
> > >
> > > markldevine/raku-KHPH: Keep Honest People Honest - String Obfuscation,
> > > Storage, & Retrieval
> > >
> > > Maybe you'll find it useful, but maybe only on Linux/UNIX.
> > >
> > > use KHPH; KHPH.new(:stash-path('/tmp/.myapp/password.khph')).expose.print;
> > >
> > > - or -
> > >
> > > use KHPH;
> > > my $password = KHPH.new(:stash-path($*HOME ~ '/.rakucache/myapp/password.khph'));
> > > # $password.expose will unscramble the string, so you can substitute it
> > > # where you need to
> >
> > Hi Mark,
> >
> > I have written something similar. Without the seed and
> > the start point, it is (although never say never)
> > impossible to decrypt it.
> >
> > My issue is, unlike a fully compiled code, if a bad guy
> > has access to my Raku code, which is necessary to run
> > the program, he also has access to the seed and
> > the start point, plus the encryption and decryption
> > module.
> >
> > I was thinking maybe there is a way to only present the
> > binary of my code, like a fully compiled code? Or maybe
> > some way to obscure something inside my Raku code?
> >
> > Thank you for the help!
>
> The usual way to do this is to make the program read a configuration
> file that contains any credentials necessary. Lately I've been
> a big fan of the TOML format for config files, mostly because
> the "standard" INI-style files are not standard at all, not even
> under different versions of the same operating system :)
>
> But the general idea is:
> - the program, on startup, looks for a configuration file in
> a place where such things are kept (this part is OS-dependent, but
> there are ways to do it more or less platform-independently;
> I think for Raku the XDG::BaseDirectory module would help)
> - the program reads the config file and exits if it doesn't contain
> the necessary credentials (username, password, URLs, whatever)
> - now it is the user's and the system administrator's responsibility
> (as it should be) to protect that config file as much as it is
> appropriate for that specific machine/installation
>
> Hope that helps!
>
> G'luck,
> Peter
>
> --
> Peter Pentchev roam@ringlet.net roam@debian.org peter@morpheusly.com
> PGP key: https://www.ringlet.net/roam/roam.key.asc
> Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13

For sensitive information, consider using something like HashiCorp's Vault,
or clevis (https://github.com/latchset/clevis), which both store secrets on
another host, or pass (https://www.passwordstore.org), which is for storing
passwords locally in separate gnupg-encrypted files.

cheers,
raf
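
The config-file approach described in Peter Pentchev's quoted message, sketched in Raku as an added example (not code from the thread or from any module mentioned in it). The `myapp` directory, the `credentials.conf` file name, the key names and the simple `key = "value"` line format (a small subset of TOML) are assumptions; the permission check goes beyond the quoted steps and refuses a file that group or others can access.

```raku
# Added example: load credentials from a per-user config file instead of
# keeping them in the script. Names and file format are assumptions.

sub config-path(Str $app --> IO::Path) {
    # XDG_CONFIG_HOME if set, otherwise the XDG default ~/.config
    my $base = %*ENV<XDG_CONFIG_HOME> || "$*HOME/.config";
    $base.IO.add($app).add('credentials.conf');
}

sub load-credentials(IO::Path $file, @required --> Hash) {
    die "config file $file not found" unless $file.e && $file.f;

    # .mode returns the POSIX permission bits; reject any group/other access.
    my $mode = $file.mode;
    die sprintf("%s has mode %04o; run: chmod 600 %s", $file, $mode, $file)
        if $mode +& 0o077;

    my %cred;
    for $file.lines -> $line {
        next if $line ~~ /^ \s* ['#' | $]/;      # skip comments and blank lines
        if $line ~~ /^ \s* (\w+) \s* '=' \s* '"' (.*?) '"' \s* $/ {
            %cred{~$0} = ~$1;
        }
        else {
            # Do not echo the line: it may contain a secret.
            die "unparseable line in $file";
        }
    }

    # Exit early if any required credential is absent.
    my @missing = @required.grep({ %cred{$_}:!exists });
    die "missing keys in $file: @missing[]" if @missing;
    %cred;
}

sub MAIN(Str :$app = 'myapp') {
    my %cred = load-credentials(config-path($app), <username password>);
    # Use %cred<password> where it is needed; never print or log it.
    say "loaded credentials for %cred<username>";
    CATCH { default { note "error: {.message}"; exit 1 } }
}
```

The script itself can then stay world-readable, since the only secret lives in a file whose protection is an administrative matter (ownership, mode 600, or a secret store as suggested above).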