Apologies for top quoting; there isn't any single place which seemed
appropriate.

A colleague of mine who worked for a Swiss bank (they take security
seriously) addressed this by NOT keeping the credentials in the image.

1. Set up a distinct user intended solely for running the application.
2. Set up a credentials file which can only be read by that user.
3. When the application runs, it can read the credentials from the file,
open whatever connection it needs and then release the credentials from
image memory.

I think this concept may be similar to how SSH keys (private keys) are
managed.



Tim Mackinnon wrote
> Hi - I’m struggling to find something that I saw that discussed this issue
> kind of.
> 
> In my image (it's actually a headless one - but this could apply to a fat
> image too) - I build an application that needs access to a service (in
> this case an S3 bucket).
> 
> The AWS library I’m using (but others are similar) has an AWSLogin class
> singleton where I can specify a username and password. So in a playground
> I can do that and test it all works etc.
> 
> However, for deployment it's never a good idea to encode this info into
> your code (particularly if you use Iceberg and GitHub) - SO, I am using
> secret variable support in GitLab - which I’ve seen many projects do in
> other languages. This way, I type in those details into an encrypted place
> in the CI and it then exposes them as temporary variables when I build my
> system (so far so good).
> 
> Now in my build - I run a little script like this and pass on those
> variables (neatly, GitLab doesn’t show their values in its logs):
> 
> ./pharo Pharo.image --no-default-preferences --save --quit st config.st \
>     "{'$USER'. '$PWD'}"
> 
> In config.st I then extract these command line parameters (the ST handler
> nicely exposes the extra parameter array so I didn’t have to do anything
> custom)
> 
> "Expect image to be called with params as a last arg array"
> config := Array readFrom: Smalltalk arguments last.
> user := config at: 1.
> pwd := config at: 2.
> 
> DBConfig default
>    accessKey: user;
>    pKey: pwd;
>    yourself.
> 
> So it all looks pretty good so far - however it occurs to me that if you
> get hold of a .image and were to browse all of the Strings - e.g.
> 
> ./pharo Pharo.image eval "(ByteString allInstances)"
> 
> I think you would ultimately find those strings unless the Class encrypts
> them in some way right?
> 
> So I’m wondering why we don’t have an EncryptedString object for just this
> (I’ve seen lots of cryptography libraries etc), but isn’t this quite a
> common thing to deal with? And should Pharo provide something that library
> writers adopt to encourage better image safety? Or am I wrong in my
> analysis?
> 
> Tim





--
View this message in context: 
http://forum.world.st/Encoding-Login-information-in-your-image-safely-tp4961690p4961706.html
Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.
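
The three steps in the reply above, together with its SSH comparison, as an added shell example that is not part of the original messages: the credentials file is created owner-only, and the reader refuses it when its type, owner or mode is wrong, the way ssh refuses a private key with lax permissions. The function names, the two-line file layout and the sample values are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical names and paths). Run as the dedicated
# application user from step 1; creating that user is left to the OS tools.

# Octal mode and owner uid of a file: GNU stat first, BSD stat as fallback.
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
file_uid()  { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# Step 2: write the file owner-only. umask and chmod are applied before the
# secret is written, so it is never on disk with wider permissions.
write_cred_file() {
    ( umask 077 && : > "$1" && chmod 600 "$1" &&
      printf '%s\n%s\n' "$2" "$3" > "$1" )
}

# Succeed only for a regular, non-symlink file owned by the current user
# with no group/other permission bits. Return codes: 1 type, 2 owner, 3 mode.
check_cred_file() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] ||
        { echo "refusing $f: not a regular file" >&2; return 1; }
    [ "$(file_uid "$f")" = "$(id -u)" ] ||
        { echo "refusing $f: not owned by uid $(id -u)" >&2; return 2; }
    mode=$(file_mode "$f")
    case $mode in
        [0-7]00) return 0 ;;
        *) echo "refusing $f: mode $mode is too open" >&2; return 3 ;;
    esac
}

# Step 3: read line 1 (access key) and line 2 (secret) only after the check.
read_creds() {
    check_cred_file "$1" || return
    { IFS= read -r CRED_USER && IFS= read -r CRED_SECRET; } < "$1"
}

# Demo with constructed values in a throwaway directory.
demo_dir=$(mktemp -d)
write_cred_file "$demo_dir/creds" 'AKIDEXAMPLE' 'constructed-secret'
read_creds "$demo_dir/creds" && echo "loaded key for $CRED_USER"
chmod 644 "$demo_dir/creds"
read_creds "$demo_dir/creds" || echo "rejected after chmod 644"
rm -rf "$demo_dir"
```

The application would perform the same check before reading the file at startup, so the secret never has to be passed on the command line or saved into the image.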
