Comments (1)
A couple points:
- Exposing your ID and Key is not a huge issue. The worst an attacker can do is to send you a bunch of fake errors or nonexistent APM data such as routes. The JavaScript notifier has the same problem and it has never been a big deal.
- This question is not really specific to gobrake since any binary suffers from the same issue.
- This question is not really specific to golang since any language that can produce a binary suffers from the same issue.
- I tried googling for C/C++ questions that ask the same. One of the answers on SO says this:
- Secure the key
- Secure the decryption algorithm.
The problem with securing the decryption algorithm is that this project is open source and any algorithm we implement here will be visible for the attacker. Check the link since the answer mentions a few useful techniques:
- Disguise your key as a string that would normally appear within the code
- Hash some or all of the code or data segments on startup, and use that as the key.
- Generate the key at run-time
- Create the key by choosing bytes from other data.
Hope this is helpful.
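As an added illustration that is not part of the comment above or of gobrake, the Go sketch below shows the "generate the key at run-time" and "choose bytes from other data" techniques: a build-time step records offsets into data the program already ships, and the run-time step reassembles the key, so no contiguous key literal exists for a strings-style scan to find. The carrier text, key value and function names are all hypothetical; since the offsets and the algorithm remain readable, this keeps the key from being trivially visible rather than making it unrecoverable.

```go
package main

import (
	"bytes"
	"fmt"
)

// carrier: constructed sample text the program already ships (hypothetical).
var carrier = []byte("usage: report [-v] <file>; exit codes 0, 1, 2, 3; see docs/abc")

// OffsetsFor is the build-time half: it maps each key byte to a carrier offset.
func OffsetsFor(data []byte, key string) ([]int, error) {
	offsets := make([]int, 0, len(key))
	for i := 0; i < len(key); i++ {
		pos := bytes.IndexByte(data, key[i])
		if pos < 0 {
			return nil, fmt.Errorf("key byte %q not present in carrier data", key[i])
		}
		offsets = append(offsets, pos)
	}
	return offsets, nil
}

// AssembleKey is the run-time half: it rebuilds the key from data and offsets.
func AssembleKey(data []byte, offsets []int) (string, error) {
	out := make([]byte, len(offsets))
	for i, off := range offsets {
		if off < 0 || off >= len(data) {
			return "", fmt.Errorf("offset %d outside carrier data", off)
		}
		out[i] = data[off]
	}
	return string(out), nil
}

// LiteralPresent reports whether key occurs contiguously in blob (a strings-style check).
func LiteralPresent(blob []byte, key string) bool {
	return bytes.Contains(blob, []byte(key))
}

func main() {
	const sampleKey = "a1b2c3" // constructed placeholder; a real build embeds only the offsets
	offsets, err := OffsetsFor(carrier, sampleKey)
	if err != nil {
		panic(err)
	}
	key, _ := AssembleKey(carrier, offsets)
	fmt.Println(offsets, key == sampleKey, LiteralPresent(carrier, sampleKey))
}
```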