views:

176

answers:

2

I'm thinking about good ways to store third party credentials, which basically means there needs to be a secret somewhere, either in code or data. I'm deploying on google app engine.

If the 'secret' was something like

pw_passphrase = sha2(username + 'global-password')
pw_plaintext = aes_decrypt(pw_passphrase, pw_ciphertext)

can I depend on this code never being seen by a non appengine administrator?

...what if the credentials protect something supersensitive like personal financial data, do we still trust it?

(The sha2 bit is exchangable with any other secret pseudo-random function.)

+3  A: 

Yes: your source code is secure (as secure as Google can make it), and there's no way for unauthorized third parties to peek.

Alex Martelli
there's no **known** way for unauthorized third parties to peek.
Vinko Vrsalovic
You should perhaps mention that you work for Google.
Teddy
@Teddy, sure, anybody interested can check my Google profile, wikipedia entry, interviews, etc -- it's hardly secret;-). However, I always speak for myself, and myself only (I'm not authorized to speak for Google nor for other firms).@Vinko, sure, one can't "prove a negative" (e.g., I can't _prove_ the NSA hasn't already cracked every code in existence or yet to be invented, and is routinely monitoring every bit every second;-).
Alex Martelli
+1  A: 

Also remember to handle exceptions in your code with an error page, or else an exception thrown might uncover your source code to an unsigned user.

jai
wow thank you for this. definitely another reason to sandbox the sensitive stuff to its own dedicated, simple app.
Dustin Getz