You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Aaron J Mackey <aj...@virginia.edu> on 2003/03/03 19:56:03 UTC

prompting for secure data during startup.pl

I need to make some secure data available to mod_perl handlers, without
having it physically stored in a file, database, or "named" shared memory
(since if someone can read the handlers' code, then they could read the
sensitive data as well).  So I need to prompt for it during server
(re)start-up, and stuff it away into a lexical variable that only the
handler can get at (i.e. another piece of code, or even another handler,
that blesses itself into my handler's package still cannot access the
data).  Every httpd child process should have their own copy of the data.
Is there a solution or cookbook recipe for this yet?

Said another way, here's my basic handler code:

package MyHandler;
use Apache::Constants qw(OK DECLINED);

my $SECRET = "secret";
my $SECRETSET = 0;

# only allow the secret to be set once, by startup.pl
sub set_secret { $SECRET = shift unless $SECRETSET++; }

sub handler($$) {

    if ($SECRET eq "secret") {
        return DECLINED;
    } else {
        # go ahead, make use of $SECRET
	# ...
        return OK;
    }
}
1;
__END__

And I want startup.pl to do this:

use Term::ReadPassword;
use MyHandler;

MyHandler::set_secret(read_password("Enter secret:"));
__END__

Does this make sense?  Will this work?  Will this be secure? (as long as
no one intercepts my call to set_secret() in startup.pl by installing a
bogus MyHandler.pm in my lib search path ...).

Thanks,

-Aaron

-- 
 Aaron J Mackey
 Pearson Laboratory
 University of Virginia
 (434) 924-2821
 amackey@virginia.edu

Re: prompting for secure data during startup.pl

Posted by Perrin Harkins <pe...@elem.com>.

Aaron J Mackey wrote:
> I need to make some secure data available to mod_perl handlers, without
> having it physically stored in a file, database, or "named" shared memory
> (since if someone can read the handlers' code, then they could read the
> sensitive data as well).  So I need to prompt for it during server
> (re)start-up, and stuff it away into a lexical variable that only the
> handler can get at (i.e. another piece of code, or even another handler,
> that blesses itself into my handler's package still cannot access the
> data).  Every httpd child process should have their own copy of the data.
> Is there a solution or cookbook recipe for this yet?

What you're doing looks fine, as far as it goes.  By making these 
variables part of a closure, you are making it impossible for people to 
read it directly with Perl code.  Of course there is nothing you can do 
to prevent someone with full access to your server from running C code 
that will walk Perl's variables until it finds $secret.  They could 
probably do this with creative of some of the B:: modules.

- Perrin