[erlang-questions] Process state and sensitive information

Chris de Villiers chrisdevilliers@REDACTED
Mon Sep 1 23:10:45 CEST 2014


I want to make requests to a web service which authenticates users
with a key and secret.  I will be implementing their API with a
gen_server and need to place the access credentials somewhere "safe".
By safe I mean it should be out of plain sight and not accessible to a
user that can attach to the VM.  I also do not want them to show up in
stack traces or kernel/SASL logs should the gen_server die.

The application's environment is obviously ruled out.  Storing them in
the gen_server's state is also no good because sys:get_status/1 gives
them away.

I thought about placing them in an ETS table private to the gen_server
process.  Is it possible for another process to read private ETS
tables somehow?

Any other suggestions how I can handle this situation?  I do not want
to start a discussion about OS level security.  Let's assume someone
gets access to the user account under which the VM runs and can attach
to it.
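
An added example, not part of the original post: one way to keep credentials out of sys:get_status/1 output and out of the state printed in a termination report, using the gen_server format_status/2 callback (newer OTP releases also offer format_status/1) plus a closure around the secret. The module name, record, `secret_size` call and sample credentials are hypothetical.

```erlang
%% Added example, not from the original post. Module name, record and
%% the secret_size call are hypothetical.
-module(api_client).
-behaviour(gen_server).

-export([start_link/2, demo/0]).
-export([init/1, handle_call/3, handle_cast/2, format_status/2]).

-record(state, {key, secret}).

start_link(Key, Secret) ->
    gen_server:start_link(?MODULE, {Key, Secret}, []).

init({Key, Secret}) ->
    %% Keep the secret inside a closure: a fun prints as #Fun<...>, so the
    %% value is not rendered if the state term is ever formatted.
    {ok, #state{key = Key, secret = fun() -> Secret end}}.

handle_call(secret_size, _From, #state{secret = Get} = State) ->
    %% Unwrap only at the point of use (here just to show it is usable).
    {reply, byte_size(Get()), State};
handle_call(_Other, _From, State) ->
    {reply, {error, unsupported}, State}.

handle_cast(_Msg, State) ->
    {noreply, State}.

%% Called by sys:get_status/1 (Opt = normal) and when the server
%% terminates abnormally (Opt = terminate). The returned term replaces
%% the real state in the status output and in the termination report.
format_status(_Opt, [_PDict, State]) ->
    State#state{key = redacted, secret = redacted}.

demo() ->
    %% Constructed sample credentials, for illustration only.
    {ok, Pid} = start_link(<<"sample-key">>, <<"sample-secret">>),
    Size = gen_server:call(Pid, secret_size),
    %% The status term shows 'redacted' in place of both fields.
    {Size, sys:get_status(Pid)}.
```

This covers status output and the logged state only: sys:get_state/1 still returns the real state, and format_status/2 does not touch the last message or exit reason in a crash report, so credentials must also stay out of messages and error terms. It does not protect against a user who can attach to the node.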

