[Mpls-pm] Secure scripts question

Joshua ben Jore twists at gmail.com
Wed May 17 11:19:37 PDT 2006


On 5/17/06, Miner, Alan G <alan.miner at nwa.com> wrote:
> I have searched various sites, blogs and archives and it always seems to
> boil down to where to store the encryption keys.

Yah sure. As far as I know, that's all it'll ever come down to with
the tools we have now. Your script has to be able to access the
information somehow. You could stick it in the interpreter, in some
object code that gets loaded, in the perl source code, in a readable
file, whatever. In all cases it's still somewhere.

gpg handles this by forcing you to keep your private keys private to
the user that's running it. It throws an error if your configuration
is bad.

Or are you in the other common situation where the script is doing
something for a user and you want to keep the credentials from the
user? This sounds like the confused deputy problem that the
Capabilities people like to bring up. Maybe you should consider
writing your program in E instead of perl.

Josh
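
An added example, not part of the original post: a Perl sketch of the kind of check described above for gpg, where a script refuses to read its key file unless the file belongs to the user running it and grants nothing to group or other. The function names and the temporary demo file are assumptions made for illustration, and POSIX file permissions are assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempfile);

# Inspect an already-open handle (not the path, so the file cannot be
# swapped between the check and the read). Returns a list of problems;
# an empty list means the file is private to the current user.
sub key_handle_problems {
    my ($fh) = @_;
    my @st = stat($fh) or return ("cannot stat key file: $!");
    my ($mode, $uid) = @st[2, 4];
    my $euid = $>;    # effective uid of the running script
    my @problems;
    push @problems, "not a regular file" unless S_ISREG($mode);
    push @problems, "owned by uid $uid, but running as uid $euid"
        unless $uid == $euid;
    push @problems, sprintf("mode %04o grants group/other access", S_IMODE($mode))
        if S_IMODE($mode) & (S_IRWXG | S_IRWXO);
    return @problems;
}

# Return the key contents, or die before reading if the file is not private.
sub load_key {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "open $path: $!\n";
    my @problems = key_handle_problems($fh);
    die "refusing to use $path: " . join("; ", @problems) . "\n" if @problems;
    local $/;         # slurp mode
    my $key = <$fh>;
    close($fh);
    return $key;
}

# Constructed demo: a temporary file stands in for the real key file.
my ($tmp, $path) = tempfile(UNLINK => 1);
print {$tmp} "constructed-demo-key\n";
close($tmp);

for my $mode (0644, 0600) {
    chmod($mode, $path) or die "chmod $path: $!\n";
    my $ok = eval { load_key($path); 1 };
    printf("%04o: %s", $mode, $ok ? "loaded\n" : "rejected: $@");
}
```

This only keeps other local accounts away from the key; the user the script runs as can still read it.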

