valkey-io/valkey-glide

Protobuf: Secure sensitive user data (password)

Closed this issue · 1 comment

Describe the feature

The password is encoded as plain text in the wrappers, in the protobuf structs and in the protobuf packet. That simplifies leaking it.

  • Use secure strings in wrappers for storing the password
  • Use an encoded string in protobuf: use bytes, for example (link), and encode the string (even base64 is much better than nothing)
  • Use SSL/TLS for UDS connection

See also: https://stackoverflow.com/a/38338550

Use Case

No response

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

Client version used

No response

Environment details (OS name and version, etc.)

No response

The current design was approved in an Amazon AppSec review. UDS is secure enough as-is.
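
The second bullet of the issue, worked through as an added example (not part of the issue thread or of the valkey-glide code base): a hand-rolled encoder and schema-less decoder for protobuf length-delimited fields, showing what a `bytes` field holding a base64-encoded password yields to anyone who can read the serialized message. The field number and the password are constructed for illustration.

```python
import base64

LEN = 2  # protobuf wire type shared by string, bytes and sub-message fields

def varint(n: int) -> bytes:
    """Encode a non-negative integer as a protobuf base-128 varint."""
    out = bytearray()
    while True:
        low, n = n & 0x7F, n >> 7
        out.append(low | (0x80 if n else 0))
        if not n:
            return bytes(out)

def read_varint(buf: bytes, pos: int) -> tuple[int, int]:
    """Decode one varint at pos; return (value, next position)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def encode_field(field_no: int, payload: bytes) -> bytes:
    """Serialize one length-delimited field: tag, length, raw payload."""
    return varint(field_no << 3 | LEN) + varint(len(payload)) + payload

def decode_fields(buf: bytes) -> dict[int, bytes]:
    """Parse a message of length-delimited fields without any schema."""
    fields, pos = {}, 0
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        if tag & 0x07 != LEN:
            raise ValueError(f"unhandled wire type {tag & 0x07}")
        size, pos = read_varint(buf, pos)
        if pos + size > len(buf):
            raise ValueError("truncated field")
        fields[tag >> 3] = buf[pos:pos + size]
        pos += size
    return fields

PASSWORD = "constructed-Passw0rd!"  # constructed sample value
FIELD_NO = 1                        # hypothetical field number

# A `string` and a `bytes` field carry UTF-8 text as the same wire bytes.
plain_wire = encode_field(FIELD_NO, PASSWORD.encode())
# The issue's proposal: base64-encode the password before putting it in `bytes`.
b64_wire = encode_field(FIELD_NO, base64.b64encode(PASSWORD.encode()))

def recover(wire: bytes, b64: bool) -> str:
    """What a reader of the packet or a struct dump obtains, with no key."""
    raw = decode_fields(wire)[FIELD_NO]
    return (base64.b64decode(raw) if b64 else raw).decode()
```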