Protobuf: Secure sensitive user data (password)
Closed this issue · 1 comments
Yury-Fridlyand commented
Describe the feature
Password encoded as plain text in wrappers and in protobuf structs and in protobuf packet. That simplifies leaking it.
- Use secure strings in wrappers for storing password
- Use encoded string in protobuf, use `bytes` for example (link) and encode the string (even `base64` much better than nothing)
- Use SSL/TLS for UDS connection
See also: https://stackoverflow.com/a/38338550
Use Case
No response
Proposed Solution
No response
Other Information
No response
Acknowledgements
- I may be able to implement this feature request
- This feature might incur a breaking change
Client version used
No response
Environment details (OS name and version, etc.)
No response
shachlanAmazon commented
The current design was approved in an Amazon AppSec review. UDS is secure enough as-is.