Greetings.
I am interested in sending data from a Web app (running in Xojo Cloud) via a Shell, to a Console app also running in the same cloud.
I use the shell arguments to send a private key to the Console app, and I would prefer that the key not be written to disk during the transfer.
Does a disk write happen at the time ? e.g. in the same way as IPC sockets work ? or is it achieved in memory ?
Regards,
Tony Barry
Sydney, Australia
I need to check with another engineer to verify my thoughts on this, but I would point out that Xojo Cloud servers are single-tenant servers so if the data were being written to disk, the only people that would have access would be the Xojo Cloud admins or someone who hacked the server. If it’s the latter, you’ve got bigger problems.
It might be worth noting that command line arguments are visible to anyone using task manager (Windows). This might not apply to your situation. But on windows I have one program that passes login information via a command line argument. Not the most secure.
@Neil Burkholder - Tony is using the Shell class to launch his app. Not the command line.
Oops… My ignorance.
Thank you Greg and Neil, and good to know that the Xojo Cloud does not have shared memory spaces. I presume that the hypervisor would likely be able to peer into everything, but then that is a layer above what I can work with.
The main aim in being interested in not writing to disk is simply for security - the important data is always encrypted if it resides on the server’s disk, using asymmetric encryption, and the private (decrypt) key is never written there. At app launch, the app is unable to access any important data until the admin sends the key to the app, which stores the key in memory.
The file uploader is one place where this decrypt key might be written, but the notes indicate that the file will not be written to disk if the uploader cannot write to /tmp … it will reside in memory only. As the key is about 2.3k in length, I believe this is not a burden.
My understanding of the web is that nothing cannot be hacked, and it is simply a matter of time and luck as to when it does happen. I expect that we will get hacked sometime - and so I am working to ensure that nothing that can be stolen can be decrypted.
A very determined and resourceful attacker might be able to hack the hypervisor and perform memory inspection, but this would be (I think) an extreme effort.
The issue I see in the event of hacking is “ransomware” which is best avoided by regular backups.
Regards,
Tony Barry
Sydney, Australia
Something you could do… store the keys in an encrypted SQLite database. Yes they’d be on disk, but it too would be encrypted with a key built into the binaries which could be further obfuscated with code.