Well, I am of course not trying to prevent root from accessing something. It's 
like threatening your owner that you won't give the duplicate key back. Even an 
idiot wouldn't do that! :-D Actually this script would be on the application 
side and will be run by the user who the application runs as. And due to the 
special circumstances, all users can get to read the contents in the file. (No, 
there's no way to restrict it). I was 99.99% sure that restricting users from 
viewing the file contents can't be done, but just wanted to see if someone here 
has ever used an alternative that would work in my case as well. 

Regards,
Akhthar Parvez K
http://Tips.SysAdminGUIDE.COM
UNIX is basically a simple operating system, but you have to be a genius to 
understand the simplicity - Dennis Ritchie

On Thursday 08 Apr 2010, Rob Coops wrote:
> On Thu, Apr 8, 2010 at 7:34 PM, Akhthar Parvez K
> <akht...@sysadminguide.com> wrote:
> 
> > Hello,
> >
> > I'm gonna write a Perl script to enhance the security within an
> > application. This script would ideally check the string passed to the
> > application with the data in the file and take actions appropriately. I
> > would like to encrypt the file so that the users wouldn't see the contents
> > in the file. I can't accomplish this task with changing the permission of
> > the file as that should be readable. It doesn't look possible to me because
> > if the (encrypted) file can be decrypted by the script, it can be decrypted
> > by anyone else. Does anyone have any idea that would help me to set this up?
> >
> > Regards,
> > Akhthar Parvez K
> > http://Tips.SysAdminGUIDE.COM
> > UNIX is basically a simple operating system, but you have to be a genius to
> > understand the simplicity - Dennis Ritchie
> >
> > --
> > To unsubscribe, e-mail: beginners-unsubscr...@perl.org
> > For additional commands, e-mail: beginners-h...@perl.org
> > http://learn.perl.org/
> >
>
> Hi Akhthar,
> 
> That sounds a lot like the age-old problem of security: in the end you
> will have to write down the decryption rules somewhere... which means your
> encryption can be broken by anyone with access to the file containing the
> decryption rules.
> 
> There is no way to prevent someone with root access to a machine from
> accessing whatever is on that machine, so forget about trying that; it will
> not work.
> 
> As long as people have read access to the files used for
> encrypting/decrypting and the encrypted file there is no way to secure the
> contents beyond making it so much work to actually decrypt the file that it
> is not worth the time for 99.99% of the would be hackers.
> If you can in some way restrict access to the perl script and prevent users
> from being able to read the file (make it listen on a TCP port and run it in
> the background under different credentials) you should be able to hide the
> magic from all normal users. But as I said before, root is, well, root and
> there is no hiding from root...
> 
> This is why when you look at modern DRM techniques in computer games
> (Assassins Creed 2 for instance) the game developers are using a technique
> of web based game servers that serve part of the game content. That way a
> hacker even if they remove the DRM from the game is not able to play the
> game as they are missing critical content.
> There are still ways to hack such games of course as in the end
> the legitimate owner of the game will receive all the missing data but this
> way of working makes the security very hard to break and most hackers will
> not bother with it as there are enough much easier targets out there for
> them to hack.
> 
> The idea that a system can be 100% secure is a lie; it has always been a lie
> and will always remain a lie. The only thing one can do is make it so hard to
> get to the sensitive data that it becomes a very unattractive target.
> Remember most hackers are humans, and humans are as such just as lazy as you
> and me (that's why we invented computers in the first place). :-)
> 
> Hope that helps a little,
> 
> Rob
> 
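
The "listen on a TCP port and run it under different credentials" suggestion from the quoted reply, sketched as an added example that is not code from either poster. It assumes the list file can be owned by a dedicated service account with mode 0600; the path, port number and OK/NO reply format are invented for illustration.

```perl
#!/usr/bin/perl
# Added illustration: a lookup service that alone can read the list file.
# Assumptions (not from the thread): hypothetical path and port below, and
# the daemon is started as a dedicated non-root account that owns the file.
use strict;
use warnings;
use IO::Socket::INET;

my $list_file = '/var/lib/checker/strings.txt';   # hypothetical path
my $port      = 7070;                             # hypothetical port

# Refuse to start if the file is accessible to group/others, or if we are
# root: the design only works when one unprivileged account can read it.
my @st = stat($list_file) or die "cannot stat $list_file: $!\n";
die "$list_file must not be group/world accessible\n" if $st[2] & 0077;
die "refusing to run as root; use the dedicated account\n" if $> == 0;

# Load the strings once into a hash for fast exact-match lookup.
open my $fh, '<', $list_file or die "cannot open $list_file: $!\n";
my %known;
while (my $line = <$fh>) {
    chomp $line;
    $known{$line} = 1 if length $line;
}
close $fh;

# Bind to loopback only, so the service is reachable just from this host.
my $server = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1',
    LocalPort => $port,
    Proto     => 'tcp',
    Listen    => 5,
    ReuseAddr => 1,
) or die "cannot listen on 127.0.0.1:$port: $!\n";

while (my $client = $server->accept) {
    # Read at most 1 KiB so a client cannot send an unbounded line.
    my $n = sysread($client, my $buf, 1024);
    if (defined $n && $n > 0) {
        my ($candidate) = split /\r?\n/, $buf;
        $candidate = '' unless defined $candidate;
        # Answer only yes/no; never echo or list the file contents.
        print {$client} (exists $known{$candidate} ? "OK\n" : "NO\n");
    }
    close $client;
}
```

The application sends the string it received and acts on the one-word reply. Any local user can still test guesses against the service, so this hides the list as a whole, not whether a particular string is on it.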