[erlang-questions] Process state and sensitive information
ILYA Khlopotov
ilya.khlopotov@REDACTED
Tue Sep 2 00:42:15 CEST 2014
Don't use gen_server since it is intro-spectable. gen_server process
supports something called `secure` process however it was not designed
to be none intro-spectable. If `secure` process is hybernated you can
read it's state using sys module. So I would recommend implementation
of a process with otp compatible loop and suspend_loop where you can
block otp introspection tools (just ignore messages used by them).
https://github.com/erlang/otp/blob/maint/lib/stdlib/src/sys.erl#L382
Another approach is to store data encrypted in gen_server state and
pass decryption key from the caller (where it can be intercepted as
well BTW). In any case it is always would be a way to get your data
out.
Best regards,
ILYA
On Mon, Sep 1, 2014 at 3:15 PM, Mark Nijhof
<mark.nijhof@REDACTED> wrote:
> An other question I would have is, how are you going to supply the
> credentials to this gen_server to to make these API calls?
>
> -Mark
>
>
> On Tue, Sep 2, 2014 at 12:12 AM, Mark Nijhof
> <mark.nijhof@REDACTED> wrote:
>>
>> Just from reading the docs (so no experience) of sys:get_status/1 it looks
>> like you could implement Module:format_status/2 and don't return the
>> internal state, then you could use internal state to store it.
>>
>> http://www.erlang.org/doc/man/gen_server.html#Module:format_status-2
>>
>> -Mark
>>
>>
>>
>> On Mon, Sep 1, 2014 at 11:10 PM, Chris de Villiers
>> <chrisdevilliers@REDACTED> wrote:
>>>
>>> Hello
>>>
>>> I want to make requests to a web service which authenticates users
>>> with a key and secret. I will be implementing their API with a
>>> gen_server and need to place the access credentials somewhere "safe".
>>> By safe I mean It should be out of plain sight and not accessible to a
>>> user that can attach to the VM. I also do not want them to show up in
>>> stack traces or kernel/SASL logs should the gen_server die
>>> unexpectedly.
>>>
>>> The application's environment is obviously ruled out. Storing them in
>>> the gen_server's state is also no good because sys:get_status/1 gives
>>> them away.
>>>
>>> I thought about placing them in an ETS table private to the gen_server
>>> process. Is it possible for another process to read private ETS
>>> tables somehow?
>>>
>>> Any other suggestions how I can handle this situation? I do not want
>>> to start a discussion about OS level security. Lets assume someone
>>> gets access to the user account under which the VM runs and can attach
>>> to it.
>>>
>>> Regards,
>>> chris
>>> _______________________________________________
>>> erlang-questions mailing list
>>> erlang-questions@REDACTED
>>> http://erlang.org/mailman/listinfo/erlang-questions
>>
>>
>>
>>
>> --
>> Mark Nijhof
>> t: @MarkNijhof
>> s: marknijhof
>>
>
>
>
> --
> Mark Nijhof
> t: @MarkNijhof
> s: marknijhof
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
More information about the erlang-questions
mailing list