[gdal-dev] Anyway to embed credential options into a VRT?
Nyall Dawson
nyall.dawson at gmail.com
Wed Jun 26 17:09:26 PDT 2024
On Thu, 27 Jun 2024 at 09:45, Even Rouault <even.rouault at spatialys.com> wrote:
>
> Hi Nyall,
>
> > Reading through the vrt schema, I see that there's currently support
> > for open options for sources, but I can't see any support documented
> > for VSI credential options.
> >
> > Has this been considered in the past?
> not that I'm aware of
> > I'm unsure if it's an omission
> > by design (i.e. preventing plain text storage of credentials in a VRT)
> > or a feature request...
>
> Some analysis should be done because there might *potentially* be a
> security impact in doing that (besides just leaking secrets).
Ok, that was my gut feeling, so thanks for the confirmation!
> What kind of scenario do you have in mind? Sharing a VRT with sources
> that use AWS_NO_SIGN_REQUEST=YES ?
I can imagine that there's potentially a use case for internal use
within an organisation with some sensitive, organisation wide
credentials embedded. But allowing the various *_NO_SIGN_REQUEST
options would easily be the most common use case (and should(?!) come
with no security concerns).
>
> I would say if we'd allow to set path specific option in a VRT it would
> probably be prudent to restrict them to a allow-list to be on the safe
> side. Although that would be a bit annoying to maintain because each
> time one would introduce a new path specific option, one should extend
> the allow-list with it
That'd be a compelling argument to supporting *_NO_SIGN_REQUEST only.
Thanks for the insights!
Nyall
>
> Even
>
> --
>
> http://www.spatialys.com
> My software is free, but my time generally not.
>
More information about the gdal-dev
mailing list