3

I'm thinking about good ways to store third-party credentials, which basically means there needs to be a secret somewhere, either in code or data. I'm deploying on Google App Engine.

If the 'secret' was something like

    pw_passphrase = sha2(username + 'global-password')
    pw_plaintext = aes_decrypt(pw_passphrase, pw_ciphertext)

can I depend on this code never being seen by a non appengine administrator?

...what if the credentials protect something supersensitive like personal financial data, do we still trust it?

(The sha2 bit is exchangeable with any other secret pseudo-random function.)

Dustin Getz

2 Answers

4

Yes: your source code is secure (as secure as Google can make it), and there's no way for unauthorized third parties to peek.

Alex Martelli
  • 5
    there's no **known** way for unauthorized third parties to peek. – Vinko Vrsalovic Jan 03 '10 at 06:42
  • @Teddy, sure, anybody interested can check my Google profile, Wikipedia entry, interviews, etc -- it's hardly secret;-). However, I always speak for myself, and myself only (I'm not authorized to speak for Google nor for other firms). @Vinko, sure, one can't "prove a negative" (e.g., I can't _prove_ the NSA hasn't already cracked every code in existence or yet to be invented, and is routinely monitoring every bit every second;-). – Alex Martelli Jan 03 '10 at 16:43
2

Also remember to handle exceptions in your code with an error page, or else an exception thrown might uncover your source code to an unsigned user.

jai
  • wow thank you for this. definitely another reason to sandbox the sensitive stuff to its own dedicated, simple app. – Dustin Getz Jan 04 '10 at 01:28
  • @GAE supports custom error pages too, doesn't it? Anyway I think some standard audits such as FISMA compliance would bring a lot more trust to the GAE platform. – themihai Mar 04 '12 at 18:52
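
An added example (not code from either answer or from App Engine) of the error-page handling the second answer recommends: a WSGI wrapper that keeps the traceback in the server log and returns a generic page to the client. The names `SafeErrorMiddleware`, `failing_app` and `call` are hypothetical, and the failing handler is constructed sample input.

```python
import logging
import sys
import uuid

log = logging.getLogger("app.errors")
GENERIC_BODY = "<html><body><h1>Something went wrong</h1><p>Reference: {ref}</p></body></html>"


class SafeErrorMiddleware:
    """WSGI wrapper: traceback goes to the server log, client gets a generic page."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        try:
            result = self.app(environ, start_response)
            try:
                # Buffer the body so errors raised while it is generated are caught too.
                return list(result)
            finally:
                if hasattr(result, "close"):
                    result.close()
        except Exception:
            ref = uuid.uuid4().hex[:12]  # correlation id shown to the user
            log.exception("unhandled error ref=%s path=%s", ref, environ.get("PATH_INFO", ""))
            body = GENERIC_BODY.format(ref=ref).encode("utf-8")
            headers = [("Content-Type", "text/html; charset=utf-8"),
                       ("Content-Length", str(len(body)))]
            # exc_info lets the server discard headers the app had already set.
            start_response("500 Internal Server Error", headers, sys.exc_info())
            return [body]


def failing_app(environ, start_response):
    # Constructed sample handler whose exception text would expose a secret.
    start_response("200 OK", [("Content-Type", "text/plain")])
    raise ValueError("decrypt failed with passphrase 'global-password'")


def call(app, path="/"):
    """Drive a WSGI app in-process; return (final status, body text)."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"] = status

    body = b"".join(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return seen["status"], body.decode("utf-8")
```

The reference id on the page lets an administrator find the matching traceback in the log without the client ever seeing file paths, source lines or exception text.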