Comments (4)
I agree! We need to classify which inputs are confidential (all of them by default?), document it and clear memory after use, very similarly to parallaxsecond/parsec#122
Would be nice to find a solution that is applicable to all structures we think need scrubbing.
from parsec-client-rust.
I've been looking at `secrecy` and `zeroize` and I think they're both very useful but for different use cases.
We can use `secrecy` for things that are strictly secret, like the app authentication values (this probably applies more to the interface crate, at the moment). The direct authentication string is probably not secret - but maybe we should mark it as such anyway?
I'm not sure if all inputs are confidential - e.g. key attributes or names? We could make them all clean up afterwards (probably not a high cost). For some of them we need to implement our own wrappers just to impose stricter type controls (e.g. a type for signatures).
from parsec-client-rust.
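To illustrate the wrapper idea in the comment above, here is an added example that is not code from this thread or from Parsec. `ScrubbedBytes` is a hypothetical type, and the volatile-write scrub is a std-only stand-in for what the `zeroize` crate provides; a real client would more likely derive its traits.

```rust
use std::fmt;
use std::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical wrapper (not a Parsec type) for confidential byte buffers
/// such as authentication values.
pub struct ScrubbedBytes(Vec<u8>);

impl ScrubbedBytes {
    /// Takes ownership of the Vec, so no second copy is left behind.
    /// No Clone impl and no growth API: a clone or a reallocation would
    /// leave unscrubbed bytes elsewhere on the heap.
    pub fn new(bytes: Vec<u8>) -> Self {
        ScrubbedBytes(bytes)
    }

    /// Single, greppable access point to the secret.
    pub fn expose(&self) -> &[u8] {
        &self.0
    }

    /// Overwrite every byte with zero. Volatile writes plus a compiler
    /// fence keep the stores from being removed as dead code.
    pub fn scrub(&mut self) {
        for b in self.0.iter_mut() {
            unsafe { std::ptr::write_volatile(b, 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

impl Drop for ScrubbedBytes {
    /// Clear memory after use, before the allocation is freed.
    fn drop(&mut self) {
        self.scrub();
    }
}

impl fmt::Debug for ScrubbedBytes {
    /// Never print the contents, only the length.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "ScrubbedBytes([REDACTED; {} bytes])", self.0.len())
    }
}

fn main() {
    // Constructed sample value, not a real credential.
    let token = ScrubbedBytes::new(b"constructed-auth-token".to_vec());
    println!("{:?}", token); // contents stay out of logs
} // `token` is zeroed here by Drop
```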
Some types of the interface are already under `Zeroize` or `Secret`, this is to check the client's types.
from parsec-client-rust.
This was dealt with #32
from parsec-client-rust.
Related Issues (20)
- Add support for MAC operations
- Migrate away from using users crate
- Extract UnixSocket-specific functionality out of RequestHandler
- Rename methods to contain `psa_` prefix
- Make the CoreClient really dumb
- Expose the interface through the client, even for testing
- Modify interface to take parameters as reference
- Resolve service endpoint from a URI environment variable
- Implement new authenticator support
- List existing tests
- Socket path security checks can fail when the client is in a container
- Implement component bootstrapping
- Add a JWT-SVID authentication data
- Un-versioned SPIFFE dependency prevents publishing crate at version 0.12.0
- Add support for ListClients and DeleteClient
- Investigate a SignClient for just-in-time key creation
- Use &str for key names instead of String
- Complete the `BasicClient` examples
- Add BasicClient::new_non_authenticated()