Noviat / account_ebics


EBICS files using ir.attachment #36

Closed matmicro closed 1 year ago

matmicro commented 2 years ago

Hi,

Is it possible to replace the use of a local folder (which requires mounting an NFS share in a cluster config) by pushing all ebics_keys and ebics_files into ir.attachment (like db storage)? This would simplify the configuration and keep all filestore storage more consistent, without one exception for EBICS file storage.

Does a module exist that inherits this one and could provide this behavior?

Thanks

luc-demeyer commented 2 years ago

@matmicro We could change the program to do so, but using the filestore is done on purpose for security reasons: the key file is stored on the filesystem so that you can configure a secured filestore part to prevent hackers from stealing the key. The passphrase to unlock the key file is stored in the database. Hence a hacker must be able to access both the database and the filestore.

I think that using NFS mount is the best way forward.
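The separation described in the comment above only holds if the key directory is actually locked down on disk. An added example (not code from the module or from this thread) that audits a key directory for group/other access, symlinks and unexpected ownership; the `audit_key_dir` helper, the temporary directory and the `user.keys` file name are constructed placeholders.

```python
import os
import stat
import tempfile


def audit_key_dir(path, expected_uid=None):
    """Return (entry, problem) findings for a directory holding key files."""
    entries = [path]
    for root, dirs, files in os.walk(path):  # does not descend into symlinked dirs
        entries += [os.path.join(root, name) for name in dirs + files]
    findings = []
    for entry in entries:
        st = os.lstat(entry)  # lstat: inspect the link itself, not its target
        if stat.S_ISLNK(st.st_mode):
            findings.append((entry, "symlink, may resolve outside the protected directory"))
            continue
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((entry, "accessible to group/other (mode %o)" % mode))
        if expected_uid is not None and st.st_uid != expected_uid:
            findings.append((entry, "owned by uid %d, expected %d" % (st.st_uid, expected_uid)))
    return findings


def demo():
    """Constructed sample: a temp directory standing in for the key folder."""
    with tempfile.TemporaryDirectory() as keydir:
        key = os.path.join(keydir, "user.keys")  # hypothetical file name
        with open(key, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        # Weak setting: anyone on the host can read the key file.
        os.chmod(keydir, 0o755)
        os.chmod(key, 0o644)
        before = audit_key_dir(keydir, expected_uid=os.getuid())
        # Corrected setting: only the service account can reach it.
        os.chmod(keydir, 0o700)
        os.chmod(key, 0o600)
        after = audit_key_dir(keydir, expected_uid=os.getuid())
    return before, after


if __name__ == "__main__":
    weak, fixed = demo()
    for entry, problem in weak:
        print("FINDING", entry, problem)
    print("findings after tightening:", len(fixed))
```

On an NFS-backed key directory, run the audit on every node that mounts it, since ownership mapping can differ per client.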

matmicro commented 2 years ago

Can we imagine storing the passphrase in an environment variable then? Could you provide help to modify the module accordingly?

Maybe trying to implement the easiest solution, and letting the user choose whether the attachment is stored in the DB or the filestore.

luc-demeyer commented 2 years ago

We'll soon publish an update of the module with a cron job to download the bank statements. In order to allow this, the passphrase must be stored somewhere permanently and the DB looks like the most natural place to me.

I also don't like too much the idea of storing temporary files in the database. NFS mount sounds cleaner to me.

P.S. You may run into a second problem on a clustered environment: some banks do store the IP address of the EBICS client and block any attempt to establish a connection from an unknown IP. Hence you must ensure that you always initiate the EBICS connection from the same IP.