--- Langa Kentane <[EMAIL PROTECTED]> wrote:
> Well, reasonable security is fine, but the idea of writing
> zeroes to the file does not appeal to me, If I can't get
> any other way I guess I will have to use that.
Allow me to assume you are using Unix... you have a hopeless
cause if you are using Windows. Here is the situation on most
Unixes:
* /proc - A virtual filesystem. The memory used by processes
can be read/writen, and hence 'root' is critical to security
[as always].
* 'root' can alter your script before it is executed!
* Only 'root' user can hack raw bytes on your filesystem
I assume you need to shred because:
* If the box is stolen, then you don't want to have critcal
information lying around.
And not because:
* You don't trust your system admin
Then shredding the file is the right thing to do. You shouldn't
just zero the files, as harddisks are not digital devices... and
it may be possible to recover data that has been zero'd.
Commerical shredding programs [why spend good money on a 5 minute
Perl program?] err on the side of caution, and write random data
several times over. Of course, they probably fail if the file
has shrunk in size before being shredded! [partly un-erased]
Whatever you do, pay attention to race conditions. Read pages
569-576 of Programming Perl before you move any further! Race
conditions are attacked frequently. Never, never, ever declare
a program as completely secure! - unless it is very trival.
Make sure you create a tempory safely, as per the Camel, or you
will be flung out into the hot desert.
Jonathan Paton
=====
$_=q|.,&@$$. ,.@$&@$. .&$$@. ,,$ ....!$_=$p.'&$@.',y'&$@' .,';for(/\S+/g){
!|.q| .$ .,@, ,$, .,.. @, ,$ ,,@ .,,.!++$.<22?${'y'.$_}=chr$.+64:[$$=${'y'
!|.q| ,@$@&.,. $$$&, ..@&&$,,, $., ..!.$_},$y.=($.=~/22\|26\|3(3\|7)/x?' '
!|.q|. @ ., ,.&,,, , .$..&. .,$ .,,!.$$:"\l$$")]};$y=~/ (.*)/;warn"$1\n"
!|.q|. $ .,. .,$$&&$...&., @.,.&@$@ .|,map{-$|--?$r:$p.=$_}split'!';eval$r
__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
