Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • This sounds somewhat like Penguin. I actually wrote a prototype of a new version of Penguin that uses SSH for transport and authentication. I abstracted out the subsystem SSH stuff (that SFTP uses) so that it's very easy to build systems on top of SSH--this secures the entire transport layer, and lets the system just send messages between client and server.

    It worked. I didn't really handle authorization, though--it was just standard SSH authentication. You could hack in authorization on top of the SSH iden
    • Oh, hey. Didn't know you were hanging around use.perl :)

      Yes, a couple of others have mentioned Penguin as well and I've taken a look. I tried contacting the author, but haven't heard back. I didn't really expect anything - looks like it's been five years since it was last touched.

      I was actually looking at your Crypt::OpenPGP module the other day as a possible solution. I know nothing about PGP, so I was thinking of buying the ORA book on it just for that!

      Securing the transport layer wasn't something I was even thinking about originally, though perhaps I should have been. My main concern was authorization (and safely executing code). I'm don't know how to hack SSH identity file authorization, so I'll probably just handle it at the application level somehow.

      I'd like to see the code you mention. Please send! And thanks for the feedback.

      • Yes, a couple of others have mentioned Penguin as well and I've taken a look. I tried contacting the author, but haven't heard back. I didn't really expect anything - looks like it's been five years since it was last touched.

        I tried contacting him about Penguin over five years ago, and never heard back. :-)

      • Using Crypt::OpenPGP would be another option that would work quite well. That would give you more control over authentication etc, but with the same amount of security--you could encrypt each message to secure the transport, and sign it to perform authentication.

        I'll send you the code when I get access to it again, in a couple of days (at SXSW right now :).