Is it not the sound of frustration?
I'm trying to write a module that given a filehandle which is zero or more of zipped, gzipped or pgp (and possibly more in the future) encoded it unpacks the contents of the filehandle. The trick is everything has to be done with filehandles. Filehandles in and filehandles out. At no time should the files exist on disk (security reasons, very sensitive data). The moral equivalent to:
system("gunzip foo.pgp.gz | ungpg | myprogram");
# Typically $input_fh comes from Net::SFTP. my %files = Extractor->extract($input_fh);
while( my($filename, $fh) = each %files) { _filter_out_sensitive_information_and_write($fh, $filename); }
assert tied $fh;
assert tied *$fh;
At no time should the files exist on disk (security reasons, very sensitive data).
What about using an encrypted filesystem? Or "plain" encrypted files for every step?
Re:An other angle
schwern on 2005-10-14T23:08:28
I don't have that level of control over the system. One trick I can use, and is being used elsewhere in the code, is unlinked temp files (open a temp file and unlink it). The file is on disk but no other process can see or read it except my open filehandle. Once my filehandle goes away the file goes away (yes, it might hang around on the disk for a while before its wiped. This is ok.). It won't get backed up.What about using an encrypted filesystem?
But this involves each extraction step to read the file in and write it back out. And then the filters have to read it in and write it out. Seems like a lot of unnecessary reads and writes. Then again, the extracting and filtering is not the bottleneck in this process. Its the processing done on the resulting decoded and filtered file which is.What does that mean?Or "plain" encrypted files for every step?
Re:Tied filehandles
schwern on 2005-10-16T17:24:21
BLALHRARHALHBLAHGH!Surely you can make it work using tied filehandles. It won't be dead easy, it won't be the fastest, but at least you can make it behave like filehandles.
I just figured it out. See edited post.