[Labs-l] Storing oauth tokens in a tool account
Sam Wilson
sam at samwilson.id.au
Fri Feb 3 05:22:52 UTC 2017
On Fri, 3 Feb 2017, at 12:39 PM, Bryan Davis wrote:
> If you write the contents and then chmod there is a small race
> condition introduced where the data might be visible to another
> user/process. To make sure that others can not see the file contents
> you should:
> * create an empty file: touch( $file ) [0]
> * make the file readable only by the web server process: chmod( $file,
> 0600 ) [1]
> * write the token to the file: file_put_contents( $file, $token )
>
> Obviously adjust for the proper functions if your implementation
> language is not PHP.
>
> You should probably also cron some periodic cleanup function to purge
> files that might be leaked in the case of an unhandleable error in
> your uploader process. In my opinion it would be easier to use a
> database table. :)
>
Fixed.
And I'll add some error checking for hung jobs.
Thanks!
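
The create, restrict, then write order from the quoted advice, as an added PHP example that is not code from this thread. It goes slightly beyond the three listed steps by setting the umask so the file is created as 0600 in the first place, and it includes the periodic purge of leftover files; the function names, the `.token` suffix and the temporary paths are assumptions.

```php
<?php
// Added example; function names, paths and the ".token" suffix are hypothetical.

function store_token(string $file, string $token): void
{
    // With umask 0077 the file is created as 0600, never with wider permissions.
    $oldUmask = umask(0077);
    // Mode 'x' fails if the path exists, so we never write into a pre-created file.
    $fh = fopen($file, 'x');
    umask($oldUmask);
    if ($fh === false) {
        throw new RuntimeException("cannot create $file");
    }
    // Explicit chmod and verification before the secret is written.
    $ok = chmod($file, 0600);
    clearstatcache(true, $file);
    if (!$ok || (fileperms($file) & 0777) !== 0600) {
        fclose($fh);
        unlink($file);
        throw new RuntimeException("cannot restrict $file");
    }
    $written = fwrite($fh, $token);
    fclose($fh);
    if ($written !== strlen($token)) {
        unlink($file);
        throw new RuntimeException("short write to $file");
    }
}

// Periodic cleanup (e.g. from cron): remove token files older than $maxAge seconds.
function purge_stale_tokens(string $dir, int $maxAge): int
{
    $removed = 0;
    foreach (glob($dir . '/*.token') ?: [] as $path) {
        if (filemtime($path) < time() - $maxAge && unlink($path)) {
            $removed++;
        }
    }
    return $removed;
}

// Demo in a private temporary directory with a constructed token value.
$dir = sys_get_temp_dir() . '/token-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
store_token("$dir/job1.token", 'constructed-example-token');
printf("mode: %o\n", fileperms("$dir/job1.token") & 0777);
touch("$dir/job1.token", time() - 7200);   // simulate a job that hung two hours ago
printf("purged: %d\n", purge_stale_tokens($dir, 3600));
rmdir($dir);
```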