[Chicago] Handling secret stuff

JS Irick hundredpercentjuice at gmail.com
Mon May 16 18:10:04 EDT 2016


This is a good discussion and I'm glad we're having it on this list.

Big thumbs up to everyone's well thought out responses.

On Mon, May 16, 2016 at 3:58 PM, Adam Forsyth <adam at adamforsyth.net> wrote:

> The user of the site only gets to see the input and output of your code,
> not the code itself. As long as you are careful with your inputs & outputs,
> you won't be making any kind of "trail" to the secret key. I would
> re-examine the "code trail" idea entirely, as I don't think it makes sense.
>
> On Mon, May 16, 2016 at 2:39 PM, Leon Shernoff <
> leon at mushroomthejournal.com> wrote:
>
>> Thanks, Adam and Rob!
>>
>> I'm not worried about transmission -- yes, we have an SSL certificate
>> etc. My concern is with storage of the API key on the client's website.
>>
>> The service provider in question does things a little differently from
>> Braintree: it's a two-step process. The client has a secret API key that
>> sort of serves as an authentication of last resort. The client sends
>> financial data to the service provider along with a public API key and the
>> service provider sends back a one-time token that (hopefully) indicates
>> that the proposed transaction has been checked out and can move forward.
>> Client then returns that token along with the secret API key to the service
>> provider, and money then actually changes hands.
>>
>> The client is running a temp agency, with work being done over distance.
>> The proposed architecture is that the temps log in to the client's website
>> (which is WordPress), fill out the amount they are charging the customer,
>> etc, and hit a button initiating this complete back-and-forth process.
>>
>> My concern is that if the whole process is automated and triggered by the
>> temp hitting the button, this leaves a code trail to the secret API key.
>> Sure, the page in question can be protected in various ways, but there's
>> still a code trail that... well, if there's a programmatic sequence of
>> steps that involves retrieving the key, those steps can also be traced by
>> an outsider if they can get at the page somehow.
>>
>> My thought was to have the temp's page merely log the information
>> (including the returned token) from the temp's payment request into the WP
>> database (I'm not worried about the security of WordPress). I would then
>> have a completely separate scheduled process go through these log entries
>> and complete the second part of the back-and-forth for all of them at once.
>> That way, the sequence of programmed events that retrieves the key doesn't
>> need to have any involvement with the public interface at all. This seems
>> more secure to me -- no code trail. But I don't know what SOP is in this
>> sort of situation -- or if there is any. Like I said, I don't know if
>> there are any best practices here or what. Any help appreciated! :-)
>>
>>
>> Thanks!
>>
>> --
>> Best regards,
>>     Leon
>>
>> "Creative work defines itself; therefore, confront the work."
>>      -- John Cage
>>
>>
>> Leon Shernoff
>> 1511 E 54th St, Bsmt
>> Chicago, IL  60615
>>
>> (312) 320-2190
>>
>> _______________________________________________
>> Chicago mailing list
>> Chicago at python.org
>> https://mail.python.org/mailman/listinfo/chicago
>>


-- 
====
JS Irick
312-307-8904
Consultant: truqua.com
Coach: atlascrossfit.com
Programmer: juicetux.com
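
The two-step flow quoted above, with the secret key kept behind the server boundary so that only inputs and outputs are visible to the site's user, as an added example that is not part of the original thread. The provider is a constructed in-process stand-in, and `PAYMENT_SECRET_KEY`, `FakeProvider` and `complete_charge` are hypothetical names chosen for illustration.

```python
import hmac
import os
import secrets

# Constructed sample value, set here only so the example runs offline; in a
# real deployment the key comes from the server's environment or a secrets
# store, never from the page, the rows the page writes, or the repository.
os.environ.setdefault("PAYMENT_SECRET_KEY", "sk_constructed_example")


class FakeProvider:
    """Hypothetical in-process stand-in for the payment provider's two steps."""

    def __init__(self, public_key, secret_key):
        self._public, self._secret = public_key, secret_key
        self._pending = {}  # one-time token -> amount in cents

    def tokenize(self, public_key, amount_cents):
        # Step 1: public key + transaction data -> one-time token.
        if public_key != self._public:
            raise PermissionError("unknown public key")
        token = secrets.token_urlsafe(16)
        self._pending[token] = amount_cents
        return token

    def capture(self, token, secret_key):
        # Step 2: token + secret key -> money moves; the token is single use.
        if not hmac.compare_digest(secret_key, self._secret):
            raise PermissionError("bad secret key")
        return self._pending.pop(token)  # KeyError on reuse or unknown token


def complete_charge(provider, token):
    """Server-side handler: the caller supplies a token, gets a status back."""
    if not isinstance(token, str) or not 1 <= len(token) <= 64:
        return {"ok": False, "error": "invalid token"}
    secret_key = os.environ["PAYMENT_SECRET_KEY"]  # read at use, never echoed
    try:
        amount = provider.capture(token, secret_key)
    except (KeyError, PermissionError):
        # Generic message: no exception text, which could carry the key.
        return {"ok": False, "error": "charge declined"}
    return {"ok": True, "amount_cents": amount}
```

The same handler can be called from a button click or from a scheduled job; in both cases the key is read on the server and never appears in anything returned to the caller.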