Provided by: libstore-opaque-perl_0.03-1build6_amd64 bug

NAME

       Store::Opaque - Opaque objects to prevent accidental Dumping or appearance in stack traces

SYNOPSIS

         package MyCreditCardInfo;
         use strict; use warnings;
         use Store::Opaque;
         our @ISA = qw(Store::Opaque);

         sub get_creditcard_number {
           $_[0]->_get("ccnumber")
         }

         sub set_creditcard_number {
           $_[0]->_set("ccnumber", $_[1])
         }

         1;
         # use this like any other object...

DESCRIPTION

       Before you go any further, please do realize that this module is not directly about
       security in the sense of preventing malicious action!  It's about preventing mistakes that
       could turn out to be a security or compliance issue.

       Consider that you have code that handles sensitive data that should never end up in your
       logs.

         use Carp;
         foo("This does not belong in logs");
         sub foo {
           my $super_sensitive = shift;
           this_can_die();
         }
         sub this_can_die {
           Carp::confess("Gotcha"); # stack trace
         }

       If you're logging erros, you get this in your logs:

         Gotcha at /tmp/t.pl line 8
                 main::this_can_die() called at /tmp/t.pl line 5
                 main::foo('This does not belong in logs') called at /tmp/t.pl line 2

       Great, not! Various techniques can be used to fix this. The easiest one is simply using
       hash-based objects to store this info and pass it around.  In general, you'd pass it
       around as some sort of reference to prevent this.

       Alas, that is easily defeated by accident if developers write stuff like this:

         sub foo {
           warn Data::Dumper->Dump(\@_); # FIXME just for debugging
           my $super_sensitive = shift;
           this_can_die();
         }

       Again, there's a myriad of ways to explicitly defeat that, but I'd bring up the more
       powerful Data::Dump::Streamer (in conjunction with PadWalker and B::Deparse) next. Even
       inside out objects can accidentally be dumped if you're using Data::Dump::Streamer to dump
       their methods.  It's becoming progressively less easy to make a mistake like the above,
       but why bother?

       This module implements an opaque object implementation that does not suffer from these
       issues. Let me repeat. This isn't about hiding anything from an attacker.  It's about
       preventing mistakes from people who have legitimate access.

       Oh, and don't use this for *all* of your objects as it comes with a small memory and
       moderate performance overhead.

WARNING

       If you do not fully understand the previous section, look elsewhere and do not use this
       module.

METHODS AND USAGE

       You use this module by subclassing. If that doesn't work for you, you can manually import
       the methods in the class. If you don't know how that works, you shouldn't be doing it.

       Your subclass will inherit the following methods:

   new
       Simple constructor that takes no arguments. You can override is as follows:

         sub new {
           my $class = shift;
           my $self = $class->SUPER::new;
           # initialize here
           return $self;
         }

   _set
       Generic setter for the stored information:

         sub set_ccinfo {
           my $self = shift;
           my $value = shift;
           $self->_set("ccinfo", $value);
         }

       where "ccinfo" is the key to store the $value under. If this feel reminiscent of a hash,
       then that's not coincidental as the object is a hash under the hood.

       You can use any string has a key that would otherwise work in a normal hash-based object.

   _get
       Generic accessor for the stored information. Works just liek "_set" without the $value.

AUTHOR

       Steffen Mueller, <smueller@cpan.org>

COPYRIGHT AND LICENSE

       Copyright (C) 2011 by Steffen Mueller

       This library is free software; you can redistribute it and/or modify it under the same
       terms as Perl itself, either Perl version 5.8.1 or, at your option, any later version of
       Perl 5 you may have available.