While I understand the general concern that security folks typically have around putting passwords (in the clear) on disk, I'm wondering what the real security issue is here? Does someone have access to the logs/env.log file (or to the warden container, and then implicitly that file) but not have access to the same list of env vars via the API?
thanks
-Doug
________________________________________________________
STSM | Standards Architect | IBM Software Group
(919) 254-6905 | IBM 444-6905 | d...@us.ibm.com
The more I'm around some people, the more I like my dog.
Christopher Ferris ---08/19/2014 08:55:30 AM---https://www.pivotaltracker.com/n/projects/966314/stories/77151178 Chris
--
You received this message because you are subscribed to the Google Groups "Cloud Foundry Developers" group.
To view this discussion on the web visit https://groups.google.com/a/cloudfoundry.org/d/msgid/vcap-dev/1923eacf-dded-4758-8319-1d16e2a5d5d6%40cloudfoundry.org.
To unsubscribe from this group and stop receiving emails from it, send an email to vcap-dev+u...@cloudfoundry.org.
To view this discussion on the web visit https://groups.google.com/a/cloudfoundry.org/d/msgid/vcap-dev/OF2FC30DE3.E69E9028-ON85257D39.0048F37D-85257D39.0049311A%40us.ibm.com.
Mike,
thanks for the background. The file crawler app, and having to special case that one file, is a good usecase to think of. But, at the same time, I can't help but think this is one of those cases where it provides the warm-fuzzy security blanket feeling but there really isn't much there since aside from the special case of a droplet viewer anyone who could get to that file probably already has access to the env vars via the API. But, if it gets the security guys off our backs, ok.... :-)
thanks
-Doug
________________________________________________________
STSM | Standards Architect | IBM Software Group
(919) 254-6905 | IBM 444-6905 | d...@us.ibm.com
The more I'm around some people, the more I like my dog.
Mike Youngstrom ---08/19/2014 01:16:02 PM---I think today it is fairly well locked down. However, it does provide another source of service cre
To view this discussion on the web visit https://groups.google.com/a/cloudfoundry.org/d/msgid/vcap-dev/CAEoPEDqQdf7Jf1UHSVUK0w%3DrN_EtULQMsnyW6vF60mwbbCjLSA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/cloudfoundry.org/d/msgid/vcap-dev/OFA9297D5B.C67E9B0A-ON85257D39.005F1807-85257D39.005FA66D%40us.ibm.com.