Closed matmicro closed 1 year ago
@matmicro We could change the program to do so but using the filestore is done on purpose for security reasons: the key file is stored on the filessystem so that you can configure a secured filestore part to prevent hackers from stealing the key. The passphrase to unlock the key file is stored in the database. Hence a hacker must be able to access both the database and the filestore.
I think that using NFS mount is the best way forward.
Can we imagine storing the passphrase into Environment Vairable then ? Could you provide help to modify the module accordingly ?
Maybe trying to implement the easiest solution, and letting the user to choose whether attachment is store into DB or Filestore.
We'll soon publish an update of the module with a cron job to download the bank statements. In order to allow this, the passphrase must be stored somewhere permanently and the DB looks like the most natural place to me.
I also don't like too much the idea of storing temporary files in the database. NFS mount sounds cleaner to me.
P.S. You may run into a second problem on a clustered environment: some banks do store the IP address of the EBICS client and block any attempt to establish a connection from an unkown IP. Hence you must ensure to always initiate the EBICS connection from the same IP.
Hi,
Is this possible to replace the use of local folder (which require to mount a NFS in a cluster config) by pushing all ebics_keys and ebics_files stored into ir.attachment (like db storage) ? This will simplify the configuration and keep all filestore starage more consistent, not having one exception for ebics file storage.
Does it exisits a module inherits that could provide this behavior ?
Thanks