Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > perl.perl6.users > #3484

Re: how do I hide a variable from viewing

Newsgroups perl.perl6.users
Date 2025-05-21 15:02 +0300
Subject Re: how do I hide a variable from viewing
Message-ID <aC3A8rC1x-SrrfkV@straylight.m.ringlet.net> (permalink)
References <add804bf-4a46-43b3-b2bc-29518a30fcb5@zoho.com> <DM5PR02MB32105D26E4C03C4D1DC7CA6FA09FA@DM5PR02MB3210.namprd02.prod.outlook.com> <eeb63995-9390-44ee-b320-7183f4de7c83@zoho.com>
From roam@ringlet.net (Peter Pentchev)

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

On Tue, May 20, 2025 at 10:10:06PM -0700, ToddAndMargo via perl6-users wrote:
> > > *From:* ToddAndMargo via perl6-users <perl6-users@perl.org>
> > > *Sent:* Tuesday, May 20, 2025 5:29 AM
> > > *To:* perl6-users <perl6-users@perl.org>
> > > *Subject:* how do I hide a variable from viewing
> > > Hi All,
> > > 
> > > Fedora 41 (Linux)
> > > 
> > > Since my *.raku can be publicly read, how do I obscure
> > > the contents of a variable so other can not read it?
> > > 
> > > Currently what I have been doing is setting the file's
> > > ownership to root:root and the attributes to 700 so
> > > only root can see it.
> > > 
> > > I would be nice to obscure a variable inside the
> > > program though.
> 
> On 5/20/25 4:44 AM, Mark Devine wrote:
> > Todd,
> >
> > I got tired of having clear-text passwords and other sensitive strings
> > in my raku scripts, so I wrote KHPH for myself for use on Linux/UNIX,
> > then published it.  The idea catches criticism because it isn't
> > encryption, but rather just a little obfuscation.  Sometimes a little
> > obfuscation is warranted, imo.
> >
> > It takes a string, then mangles it into an unrecognizable scrambled
> > form, stashes it in a file, then can be recalled/unscrambled later.
> >
> > https://github.com/markldevine/raku-KHPH <https://github.com/
> > markldevine/raku-KHPH>
> > <https://github.com/markldevine/raku-KHPH>
> > 	
> > markldevine/raku-KHPH: Keep Honest People Honest - GitHub <https://
> > github.com/markldevine/raku-KHPH>
> > Keep Honest People Honest - String Obfuscation, Storage, & Retrieval -
> > markldevine/raku-KHPH
> > github.com
> >
> > Maybe you'll find it useful, but maybe only on Linux/UNIX.
> >
> > use KHPH; KHPH.new(:stash-path('/tmp/.myapp/password.khph')).expose.print;
> >
> >   *
> >     or -
> >
> >
> > use KHPH;
> > my $passowrd = KHPH.new(:stash-path($*HOME ~ '/.rakucache/myapp/
> > password.khph'));
> > # $password.expose will unscramble the string, so you can substitute it
> > where you need to
> 
> Hi Mark,
> 
> I have written something similar.  Without the seed and
> the start point, it is (although never say never)
> impossible to decrypt it.
> 
> My issue is, unlike a fully compiled code, if a bad guy
> has access to my Raku code, which is necessary to run
> the program, he also has access to the seed and
> the start point, plus the encryption and decryption
> module.
> 
> I was thinking maybe there is a way to only present the
> binary of my code, like a fully compiled code?  Or maybe
> some way to obscure something inside my Raku code?
> 
> Thank you for the help!

The usual way to do this is to make the program read a configuration
file that contains any credentials necessary. Lately I've been
a big fan of the TOML format for config files, mostly because
the "standard" INI-style files are not standard at all, not even
under different versions of the same operating system :)

But the general idea is:
- the program, on startup, looks for a configuration file in
  a place where such things are kept (this part is OS-dependent, but
  there are ways to do it more or less platform-independently;
  I think for Raku the XDG::BaseDirectory module would help)
- the program reads the config file and exits if it doesn't contain
  the necessary credentials (username, password, URLs, whatever)
- now it is the user's and the system administrator's responsibility
  (as it should be) to protect that config file as much as it is
  appropriate for that specific machine/installation

Hope that helps!

G'luck,
Peter

-- 
Peter Pentchev  roam@ringlet.net roam@debian.org peter@morpheusly.com
PGP key:        https://www.ringlet.net/roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13

Back to perl.perl6.users | Previous | NextNext in thread | Find similar

Thread

Re: how do I hide a variable from viewing roam@ringlet.net (Peter Pentchev) - 2025-05-21 15:02 +0300
  Re: how do I hide a variable from viewing roam@ringlet.net (Peter Pentchev) - 2025-05-22 03:31 +0300
  Re: how do I hide a variable from viewing perl6-users@perl.org (raf via perl6-users) - 2025-05-22 12:57 +1000

csiph-web