All the documentation and examples I've seen all use C# code to generate the secret, like this:
new Secret("secret".Sha256())
This is fine for an initial setup and inserting into the database on startup, but what if I want to add a secret directly to the database at run time. Preferably I'd like to give instructions to a customer that doesn't involve any code.
I've tried using online tools to hash the string then Base64 encode the string but it's not matching what the code generates so I think I'm missing a step.
The code for that function is here:
https://github.com/IdentityServer/IdentityServer4/blob/master/src/IdentityServer4/src/Extensions/HashExtensions.cs
You could create a tool or library of your own that meets your requirements. We have a SQL implementation so we can easily import clients directly into our DB should we need to.
Related
I'm currently working on a password managing application in Meteor React and can't seem to find a way to encrypt and decrypt data on the client, with MmongoDB storing the encrypted data.
To add a little background to the task and specify what I am trying to do:
This whole application is for one single company and users are the employees only. The passwords, along with username info and some other attributes are stored in folders and users get view and edit rights to data within the folder. Passwords (along with additional info) need to be encrypted, but multiple users need to be able to access them based on the rights given to them. So when the data is encrypted, say when a person creates a password, other users with the rights to do so need to be able to decrypt this data as well. However, the decryption needs to happen on client and the server can only ever access the encrypted data.
I have tried using planifica:encryption, because it has exactly what we need for our project, but I ran into some errors and I can't get past them nor find any article about them. I have heard of Mylar in some answers to similar questions, but both Mylar and Planifica don't seem to have been updated for a few years now. I know Node.js has a crypto module, but I am not sure whether it could be used to share encrypted data among users and most importantly, how to do so.
Is there any way to do what we need for this project? I should also point out that I am relatively new to meteor and I have not dealt with encryption whatsoever, so my understanding is rather limited.
Thank you for reading!
This very much depends on the encryption you are using, but since you are interested in decrypting things client-side, it sounds like what you are looking for is the SubtleCrypto web api.
That should be all you need on top of what Meteor already provides. You should be able to use a regular meteor collection and publication to share the encrypted data with your clients, and then let them decrypt it using the above linked decrypt function. One question I'd have is how you will be able to get the decryption key to your clients while hiding it from the server, but I assume you've got that part figured out somehow.
I am trying to build a connector that needs to access an API which requires API_KEY and API_SECRET. Currently Data Studio doesn't support authentication with two keys. So I thought I'd use auyhentication type NONE and then in getConfig() function I would prompt the user to input two required keys. However it seemms an awkward thing to do so I am asking more experienced developers. Am I introducing any security issue here? From what I understand there is no deifference whether I check and store user credentials in getConfig() or setCredentials(). They all end up stored in PropertiesService so I don't see any major difference. However, I may be wrong...
Currently(Nov 2019) there isn't support for API_KEY+API_SECRET. You have a few alternatives:
Use USER_PASS and in the connector description, instruct the user to use API_KEY for USER and API_SECRET for PASS.
Use NONE and get the info in getConfig().
Until the Data Studio team implements a solution, I recommend using #1. This will make it easier for you to migrate code and existing users once an official solution becomes available.
How do you create a custom database driver to extend CodeIgniter's functionalities to other types of database systems? I'm using iRODS (www.irods.org). I have a version of the site created using MySQL, but I want to be able to change the database backend with minimal changes. Is there an easy way to add this function, like how you can add a custom library in CI? I haven't been able to find any so far.
I'm assuming you mean how do you create a custom Active Record driver for codeigniter? Otherwise I'm probably far off the mark here but:
There is no way I know of to simply extend or override the DB classes it is not a common thing. You can implement your own and patch up your CI config to use the new DB though.
Under system/database/drivers you find all the AR driver source. You would need to reimplement each function in each of the four files (may be able to skip on forge if you don't use it.)
I'd use the MySQL driver as a starting template as you mention you already use that, in which case you'll want to make sure all the features you use are re-implemented.
It sounds like a daunting task if you're not too experienced but I assure you the code is pretty simple.
I'd like to know your approach/experiences when it's time to initially populate the Grails DB that will hold your app data. Assuming you have CSVs with data, is is "safer" to create a script (with whatever tool fits you) that:
1.-Generates the Bootstrap commands with the domain classes, run it in test or dev environment and then use the native db commands to export it to prod?
2.-Create the DB's insert script assuming GORM's version = 0 and incrementing manually the soon-to-be autogenerated IDs ?
My fear is that the second approach may lead to inconsistencies for hibernate will have the responsability for the IDs generation and there may be something else I'm missing.
Thanks in advance.
Take a look at this link. This allows you to run groovy scripts in the normal grails context giving you access to all grails features including GORM. I'm currently importing data from a legacy database and have found that writing a Groovy script using the Groovy SQL interface to pull out the data then putting that data in domain objects appears to be the easiest thing to do. Once you have the data imported you just use the commands specific to your database system to move that data to the production database.
Update:
Apparently the updated entry referenced from the blog entry I link to no longer exists. I was able to get this working using code at the following link which is also referenced in the comments.
http://pastie.org/180868
Finally it seems that the simplest solution is to consider that GORM as of the current release (1.2) uses a single sequence for all auto-generated ids. So considering this when creating whatever scripts you need (in the language of your preference) should suffice. I understand it's planned for 1.3 release that every table has its own sequence.
For Windows.Forms, I have an application that needs to get a unique install id for each install from my server, and then persist this data so once registered, the install ID is included on all communications back to the server. The application is in occasional contact with the server.
How can I persist this data on the client in a way that is not easily tampered with?
First, you should note that if the data is on the local file system and your application can read and write it, it will always be possible for a determined user to tamper with it... perhaps not easy, but possible nonetheless.
That said, there are a number of options you could consider, including (but not limited to) :
encrypting the data with a key defined in your assembly : pretty safe is the user has no programming skills, but an advanced user could disassemble your app to find the key. Obfuscation could make it harder to extract the key, but not impossible.
using an isolated storage : I'm not sure whether the data is encrypted or not, but at least it's not easily found, hidden in a deep folder hierarchy... Not so safe is the user knows where to look, however
writing the data in a binary format, which makes it harder to read or modify for a non expert user
using a piece of native code to encrypt the data : similar to the first option, but a native DLL is harder to disassemble than a .NET assembly, so it requires more skills to find the key
Again, all these approches are not bulletproof : as long as your program can access the data, an advanced user could always reverse engineer it and do the same...
You could save the data in the windows registry. You'll use the [HKCU\Software\YourAppName] hive key if it's a per-user setting, or [HKLM\Software\YourCompany] if it's a global setting. However, the data would need to be encrypted, because its trivila to get the values in these keys