[erlang-questions] Process state and sensitive information
Chris de Villiers
chrisdevilliers@REDACTED
Mon Sep 1 23:10:45 CEST 2014
Hello

I want to make requests to a web service which authenticates users
with a key and secret. I will be implementing their API with a
gen_server and need to place the access credentials somewhere "safe".
By safe I mean it should be out of plain sight and not accessible to a
user that can attach to the VM. I also do not want them to show up in
stack traces or kernel/SASL logs should the gen_server die
unexpectedly.

The application's environment is obviously ruled out. Storing them in
the gen_server's state is also no good because sys:get_status/1 gives
them away.

I thought about placing them in an ETS table private to the gen_server
process. Is it possible for another process to read private ETS
tables somehow?

Any other suggestions how I can handle this situation? I do not want
to start a discussion about OS level security. Let's assume someone
gets access to the user account under which the VM runs and can attach
to it.

Regards,
chris
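
The sys:get_status/1 and crash-log exposure raised in the post, with standard OTP facilities for limiting it, as an added example that is not part of the original message. The module name `api_client`, the record fields and the credential values are constructed for illustration; on OTP 25 and later `format_status/1` supersedes the `format_status/2` callback used here.

```erlang
%% Added example; module name, record fields and credential values are
%% constructed for illustration.
-module(api_client).
-behaviour(gen_server).
-export([start_link/2, sign/2, demo/0]).
-export([init/1, handle_call/3, handle_cast/2, format_status/2]).

-record(state, {key, secret}).

start_link(Key, Secret) ->
    gen_server:start_link(?MODULE, {Key, Secret}, []).

sign(Pid, Payload) ->
    gen_server:call(Pid, {sign, Payload}).

init({Key, Secret}) ->
    %% No trace messages, no stack backtrace, and process_info/2 and crash
    %% dumps omit this process's message queue and dictionary.
    process_flag(sensitive, true),
    %% A fun prints as #Fun<...>, so sys:get_state/1 output and log lines do
    %% not show the captured binary (erlang:fun_info/2 can still read it).
    {ok, #state{key = Key, secret = fun() -> Secret end}}.

handle_call({sign, Payload}, _From, S = #state{secret = GetSecret}) ->
    %% The secret is unwrapped only here, for the duration of the call.
    {reply, crypto:mac(hmac, sha256, GetSecret(), Payload), S}.

handle_cast(_Msg, S) ->
    {noreply, S}.

%% Called for sys:get_status/1 (normal) and when the server terminates
%% abnormally and its state is about to be logged (terminate).
format_status(normal, [_PDict, S]) ->
    [{data, [{"State", redact(S)}]}];
format_status(terminate, [_PDict, S]) ->
    redact(S).

redact(S) ->
    S#state{key = redacted, secret = redacted}.

demo() ->
    {ok, Pid} = start_link(<<"constructed-key">>, <<"constructed-secret">>),
    Seen = io_lib:format("~p~n~p", [sys:get_status(Pid), sys:get_state(Pid)]),
    %% Neither view of the process contains the secret literal.
    nomatch = string:find(lists:flatten(Seen), "constructed-secret"),
    32 = byte_size(sign(Pid, <<"payload">>)),
    ok.
```

This keeps the credentials out of status output, crash reports and crash dumps; code evaluated inside the node can still call the fun or use erlang:fun_info/2, so on its own it does not meet the attach-to-the-VM requirement stated in the post.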