Not read the thread - will do next week (traveling atm)
But one thing I noticed
On Wednesday, April 16, 2014, Bruno Oliveira <bruno(a)abstractj.org> wrote:
> Ahoy, answers inline
> > And second question, I know Security is not often a good mate with UX but,
> > the console will never show the master/variant secret anymore?
> Also correct. There is nothing set in stone, it's just a proposal, because
> atm anyone with read access to the database could impersonate push
> applications.
I think we would need to continue having IDs/secrets visible on the UI.
IMO it's very hard to use the Push server w/o that information; again, I didn't
read the entire thread yet.
Perhaps we could hide the key (***************) for read-only users; but I
think the overall concern is having them in the DB. My guess is that we
need to have them being stored on the DB.
-Matthias
> Another alternative would be to have a single key to the
> whole database and only derive the IV, but that would defeat the purpose.
> In addition I discussed the possibility of making use of vaults from
> Wildfly, but it's not ready yet
> (http://lists.jboss.org/pipermail/security-dev/2014-April/001557.html).
> It's only available for datasources. That's why I would like to hear about
> the impact of this change and why the master secret/secret must be
> persisted.
> --
> abstractj
--
Sent from Gmail Mobile