Config-Framework
view release on metacpan or search on metacpan
Framework.pm view on Meta::CPAN
my $data = join ('',<INFILE>);
#at this point we're done with the filehandle
close (INFILE);
#if the file type was binary, we can presume it's encrypted
if (-B $p{'File'}){
#use global key and crypt unless otherwise specified
foreach ('Key','Crypt'){ $p{$_} = $self->{$_} unless exists($p{$_}); }
#get the cipher
require Crypt::CBC;
my $cipher = new Crypt::CBC($p{'Key'},$p{'Crypt'});
#decrypt the data
$data = $cipher->decrypt($data);
}
#get a Data::DumpXML::Parser parser object unless we have one already
exists($self->{'DDXMLParser'}) || do {
$self->{'DDXMLParser'} = Data::DumpXML::Parser->new;
};
#parse it
Framework.pm view on Meta::CPAN
#not having a file at all isn't a problem here, it might be new!
}
};
#ok check if the file is binary, if it is, or if the 'Encrypt' option is set
#then we need to encrypt it before we write it.
if ((-B $p{'File'}) || ($p{'Encrypt'})){
#use global key and crypt unless otherwise specified
foreach ('Key','Crypt'){ $p{$_} = $self->{$_} unless exists($p{$_}); }
#get the cipher
require Crypt::CBC;
my $cipher = new Crypt::CBC($p{'Key'},$p{'Crypt'});
$xml_data = $cipher->encrypt($xml_data);
}
#dump it down to the file
open (OUTFILE, ">$p{'File'}") || do {
$self->{'errstr'} = "WriteConfig: can't open file ($p{'File'}) for writing $!";
return (undef);
};
print OUTFILE $xml_data ;
close (OUTFILE);
Framework.pod view on Meta::CPAN
SSL Website? Well then it probably needs to have a username and password. It's kind of bad form to
have passwords and usernames hard-coded into programs. Especially if you have lots of programs, then
you have both the nightmare of updating all of the hard-coded passwords in each program when the
password gets changed, as well as the security risk of having a password in perhaps tens or hundreds
of individual files. One option is to stick those usernames and passwords in a configuration file
or course, so that many programs can access the same file. However, you've still got your passwords
hanging out 'in the nude' in a file somewhere waiting to be discovered. Config::Framework provides
some built-in options to help you, if not eliminate, to at least to mitigate that risk.
Config::Framework knows how to decrypt a file encrypted with any of the Crypt::* modules
which is Crypt::CBC compliant. When you specify the 'GetSecure' option at object instantiation,
Config::Framework knows to look for a file called 'passwds.xml' located at the root level of the
config directory.
When you build Config::Framework, the Makefile.PL will ask you for a Crypt::* module to use to
and a passphrase to use to decrypt and encrypt this file. Sure, the passphrase is still 'in the nude'
somewhere buried in your perl distributions lib/ directory, and theoretically, someone could go
digging through that directyory, and find the passphrase, then use it to get all of the passwords in
your passwds.txt. However, it's better than nothing. Like I said this mitigates the risk a bit, it
dosen't eliminate it. At the moment there really aren't any good systems available to perl to handle
passwords securely. At least this way, you have your password access abstracted a bit, so when
Framework.pod view on Meta::CPAN
=item admin
This is the email address of the person whom we should send email alerts to by deefault when the
AlertAdmin method is called. If not explicitly defined, this value defaults to the admin address
given when the module was built.
=item Crypt
This is the Crypt::* module to use when encrypting or decrypting encrypted configuration files, such
as the infamous passwds.txt. (See the 'Passwords' section above). Keep in mind that whatever Crypt::*
module you specify must be Crypt::CBC compliant, and of course, you must have it installed already!
If not explicitly defined, this value defaults to the Crypt::* module specified when the module was
built.
=item Key
This would be the passphrase to use when encrtpying or decrpting encrypted configuration files,
again, such as that infamous passwds.txt (see 'Passwords' section above). If not explicitly defined,
this value defaults to the passphrase given when the module was built.
=item EnvExportList
Framework.pod view on Meta::CPAN
Parent => "Dalek"
);
this would load the user-specific config file UNDER the 'Dalek' configNamespace, so that I could
access the user-specific data thusly
$object->{'Dalek'}->{'usersDalekConfig'}->{'someKey'};
=item Crypt
LoadConfig has the capability to decrypt and load config files encrypted via one of the CBC compliant
Crypt::* modules. This option specifies the Crypt::* subclass that you would like to use to decrypt
the specified config file (presuming it is encrypted). For instance, if you wanted to load
the file "mySecretConfig.xml" which was encrypted using the Crypt::Rijndael module you would do
something like:
$object->LoadConfig(
File => "mySecretConfig.xml",
Crypt => "Rijndael",
Key => $mySecretKey
) || die $object->{'errstr'};
Framework.pod view on Meta::CPAN
=item Encrypt
if set to a non-zero value, this will cause the file which is being written out to be encrypted with
either the specified Key and Crypt or the default options given when the module was built.
NOTE: setting this option is not necessary if you are writing data back to a file which was encrypted
when you originally loaded it, this option is only necesary if you are encrypting a file which was
not previously encrypted, or if you are creating a new encrypted file.
=item Crypt
This should be the CBC compliant Crypt::* subclass that you would like to use encrypt the data.
If not specified, this option defaults to the value givne when the module was built. For more
information, see ReadConfig.
=item Key
This should be a string contining the passphrase you want to use to encrypt the data with the
specified CBC compliant Crypt::* subclass. For more information, see ReadConfig.
=back
=head1 LoadXMLConfig
This function will load any specified file in the Data::DumpXML DTD. If a binary file is specified
it is presumed to be encrypted. Encrypted files are decrypted using either a specified Crypt::*
module and passphrase, or the default options specified when the module was built. Data is returned
via a hash reference, and is NOT loaded directly into the object.
$data = $object->LoadXMLConfig(File => "path/to/some/file.xml") || die $object->{'errstr'};
This is the backend to LoadConfig which handles inserting config data into the object under the
correct configNamespace, and also handles child configs and nested namespaces. If you just want to
get some raw data out of a file in the Data::DumpXML dtd, which might possibly be encrypted using
a Crypt::* module which is CBC compliant, then this is the method you're looking for.
=head2 options
=over
=item File
again, this is a string containing the complete path to and name of the file you would like to load.
No location precidence mathing occurs here, you must specify the entire path and file you want to
load.
=item Crypt
This would be the CBC compliant Crypt::* subclass that you would like to use to decrypt the given
file, presuming it is, in fact, encrypted. (See LoadConfig method)
=item Key
This would be the passphrase you'd like to use to decrypt the (presumably encrypted) config data
using the CBC compliant Crypt::* sublcass you specified above. (see LoadConfig method)
=back
=head1 AlertAdmin
This will email an alert to the address specified by either the 'To' option, or the default address
specified when the object was built. Additionally, the method can optionally copy the message to a
group of addresses, log the message to a file, or call the die() routine. This is accomplished
Makefile.PL view on Meta::CPAN
open (conf, ">./config.cache") || die ("can't write config data: $!\n");
foreach (keys %data){ print conf "{$_}\t$data{$_}\n"; }
close (conf);
WriteMakefile(
'NAME' => 'Config::Framework',
'VERSION_FROM' => 'Framework.pm',
'ABSTRACT_FROM' => 'Framework.pod',
'AUTHOR' => 'Andrew N. Hicox <andrew@hicox.com>',
'PREREQ_PM' => {
Crypt::CBC => 2.02,
Data::DumpXML::Parser => 1.01,
File::Copy => 2.03
},
'PM_FILTER' => "\$(PERL) ./insert_config_data"
);
( run in 0.588 second using v1.01-cache-2.11-cpan-e1769b4cff6 )