I'm thinking about good ways to store third party credentials , which basically means there needs to be a secret somewhere, either in code or data. I'm deploying on google app engine.
If the 'secret' was something like
pw_passphrase = sha2(username + 'global-password')
pw_plaintext = aes_decrypt(pw_passphrase, pw_ciphertext)
can I depend on this code never being seen by a non appengine administrator?
...what if the credentials protect something supersensitive like personal financial data, do we still trust it?
(The sha2 bit is exchangable with any other secret pseudo-random function .)
是的:您的源代码是安全的(如Google所能保证的那样安全),并且未经授权的第三方无法窥视。
还记得使用错误页面处理代码中的异常,否则抛出的异常可能会将源代码发现给未签名的用户。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.