On Tue, May 20, 2025 at 10:10:06PM -0700, ToddAndMargo via perl6-users wrote: > > > *From:* ToddAndMargo via perl6-users <perl6-us...@perl.org> > > > *Sent:* Tuesday, May 20, 2025 5:29 AM > > > *To:* perl6-users <perl6-us...@perl.org> > > > *Subject:* how do I hide a variable from viewing > > > Hi All, > > > > > > Fedora 41 (Linux) > > > > > > Since my *.raku can be publicly read, how do I obscure > > > the contents of a variable so other can not read it? > > > > > > Currently what I have been doing is setting the file's > > > ownership to root:root and the attributes to 700 so > > > only root can see it. > > > > > > I would be nice to obscure a variable inside the > > > program though. > > On 5/20/25 4:44 AM, Mark Devine wrote: > > Todd, > > > > I got tired of having clear-text passwords and other sensitive strings > > in my raku scripts, so I wrote KHPH for myself for use on Linux/UNIX, > > then published it. The idea catches criticism because it isn't > > encryption, but rather just a little obfuscation. Sometimes a little > > obfuscation is warranted, imo. > > > > It takes a string, then mangles it into an unrecognizable scrambled > > form, stashes it in a file, then can be recalled/unscrambled later. > > > > https://github.com/markldevine/raku-KHPH <https://github.com/ > > markldevine/raku-KHPH> > > <https://github.com/markldevine/raku-KHPH> > > > > markldevine/raku-KHPH: Keep Honest People Honest - GitHub <https:// > > github.com/markldevine/raku-KHPH> > > Keep Honest People Honest - String Obfuscation, Storage, & Retrieval - > > markldevine/raku-KHPH > > github.com > > > > Maybe you'll find it useful, but maybe only on Linux/UNIX. > > > > use KHPH; KHPH.new(:stash-path('/tmp/.myapp/password.khph')).expose.print; > > > > * > > or - > > > > > > use KHPH; > > my $passowrd = KHPH.new(:stash-path($*HOME ~ '/.rakucache/myapp/ > > password.khph')); > > # $password.expose will unscramble the string, so you can substitute it > > where you need to > > Hi Mark, > > I have written something similar. Without the seed and > the start point, it is (although never say never) > impossible to decrypt it. > > My issue is, unlike a fully compiled code, if a bad guy > has access to my Raku code, which is necessary to run > the program, he also has access to the seed and > the start point, plus the encryption and decryption > module. > > I was thinking maybe there is a way to only present the > binary of my code, like a fully compiled code? Or maybe > some way to obscure something inside my Raku code? > > Thank you for the help!
The usual way to do this is to make the program read a configuration file that contains any credentials necessary. Lately I've been a big fan of the TOML format for config files, mostly because the "standard" INI-style files are not standard at all, not even under different versions of the same operating system :) But the general idea is: - the program, on startup, looks for a configuration file in a place where such things are kept (this part is OS-dependent, but there are ways to do it more or less platform-independently; I think for Raku the XDG::BaseDirectory module would help) - the program reads the config file and exits if it doesn't contain the necessary credentials (username, password, URLs, whatever) - now it is the user's and the system administrator's responsibility (as it should be) to protect that config file as much as it is appropriate for that specific machine/installation Hope that helps! G'luck, Peter -- Peter Pentchev r...@ringlet.net r...@debian.org pe...@morpheusly.com PGP key: https://www.ringlet.net/roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
signature.asc
Description: PGP signature
