Open soxofaan opened 1 year ago
@soxofaan If you are not using the `openeo` library, is there a short-term solution that can be used, while a generic python package is designed and developed? For example, is it better to suggest to users to input their credential from a text file stored locally or not take this approach at all?
The main issue to address is indeed avoiding that people have to copy-paste their main CDSE password verbatim in a notebook indeed. Loading it from an external (config) file is a possible solution, or using `getpass` functionality as wireframed in https://github.com/eu-cdse/notebook-samples/issues/13#issuecomment-1623444901
I just noticed this forum post https://helpcenter.dataspace.copernicus.eu/hc/en-gb/community/posts/17705912197021 which indicates that users are indeed putting their CDSE password in clear text in their scripts and source code, which eventually will end up in version control probably, or, god forbid, public GitHub repos.
already found a github repo with password exposed:
Hi,
Thanks for catching it. I am not sure how this dev file went online, but what is done is done. I have reset git history to erase it, and deleted the issue you created to erase any link to old/untracked blob.
Thanks again.
While reviewing some CDSE docs and notebook samples, I encountered some cases/snippets that establish poor security practices:
e.g. see eu-cdse/notebook-samples#11, eu-cdse/notebook-samples#12, eu-cdse/notebook-samples#13, #190, #192
The `openeo` Python library already provides functionality to write example/demo code without these kinds of security pitfalls, however it is tightly coupled to working with an openEO backend. I wonder if we should design a generic (non-openeo specific) Python package to simplify doing CDSE auth aspects and promote higher security standards.
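An added example, not part of the original thread and not code from the `openeo` library or any CDSE package: one way to combine the two short-term options discussed above (a local file outside the notebook, with a `getpass` prompt as fallback). The function names and the default file location are assumptions made for this sketch.

```python
import getpass
import os
import stat
from pathlib import Path

# Hypothetical location, chosen for this example only; keep it outside any
# directory that is under version control.
DEFAULT_FILE = Path.home() / ".config" / "cdse" / "password"


def read_secret_file(path: Path) -> str:
    """Return the secret stored in `path`, refusing files open to other users."""
    mode = path.stat().st_mode
    # On POSIX systems, reject any group/other permission bit (e.g. 0644).
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(
            f"{path} is accessible by group/others; run: chmod 600 {path}"
        )
    secret = path.read_text(encoding="utf-8").strip()
    if not secret:
        raise ValueError(f"{path} is empty")
    return secret


def load_password(path: Path = DEFAULT_FILE, prompt=getpass.getpass) -> str:
    """Resolve the password without it appearing in notebook source or output.

    Order: a private local file if present, otherwise an interactive prompt
    (getpass does not echo the input, so it is not stored in the cell output).
    """
    if path.is_file():
        return read_secret_file(path)
    return prompt("CDSE password: ")
```

In a notebook, `password = load_password()` then replaces the literal string; avoid printing the returned value, since cell outputs are saved with the notebook.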