ConduitIO / conduit

Conduit streams data between data stores. Kafka Connect replacement. No JVM required.
https://conduit.io
Apache License 2.0

Feature: Hash sum validation for connectors #586

Open hariso opened 2 years ago

hariso commented 2 years ago

Feature description

Conduit connectors are go-plugin clients, and go-plugin supports hash sum validations for those:

// SecureConfig is used to configure a client to verify the integrity of an
// executable before running. It does this by verifying the checksum is
// expected. Hash is used to specify the hashing method to use when checksumming
// the file. The configuration is verified by the client by calling the
// SecureConfig.Check() function.
//
// The host process should ensure the checksum was provided by a trusted and
// authoritative source. The binary should be installed in such a way that it
// can not be modified by an unauthorized user between the time of this check
// and the time of execution.

Source: https://github.com/hashicorp/go-plugin/blob/master/client.go#L230-L239

This can be used to increase a Conduit operator's confidence that the plugins used haven't been tampered with.
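The kind of check the quoted go-plugin comment describes, as an added example written against the Go standard library only (it is not Conduit's or go-plugin's code). `verifyPlugin`, the `pinned` map and the `example-connector` file name are hypothetical, and the sample binary is constructed.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

var ErrNoChecksum = errors.New("no usable pinned checksum for plugin")

// verifyPlugin hashes the binary at path with SHA-256 and compares it, in
// constant time, with the hex checksum pinned for its file name.
// pinned is a hypothetical operator-supplied map: file name -> hex SHA-256.
func verifyPlugin(path string, pinned map[string]string) (bool, error) {
	want, err := hex.DecodeString(pinned[filepath.Base(path)])
	if err != nil || len(want) != sha256.Size {
		return false, ErrNoChecksum // fail closed on missing or malformed pins
	}
	f, err := os.Open(path)
	if err != nil {
		return false, err
	}
	defer f.Close()
	h := sha256.New()
	if _, err := io.Copy(h, f); err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare(h.Sum(nil), want) == 1, nil
}

func main() {
	// Constructed sample: a stand-in "connector binary" written to a temp dir.
	dir, _ := os.MkdirTemp("", "connectors")
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "example-connector")
	os.WriteFile(path, []byte("connector v1"), 0o755)
	sum := sha256.Sum256([]byte("connector v1"))
	pinned := map[string]string{"example-connector": hex.EncodeToString(sum[:])}
	ok, err := verifyPlugin(path, pinned)
	fmt.Println("original:", ok, err)
	os.WriteFile(path, []byte("connector v1 + tampering"), 0o755)
	ok, err = verifyPlugin(path, pinned)
	fmt.Println("modified:", ok, err)
}
```

A passing check says nothing about changes made between the check and the exec, so the directory holding the connectors still has to be unwritable for unauthorized users.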

uchennakevinm1 commented 2 years ago

Bring this up during the next release cycle.