mallouk / MusicStreamer

Android app which streams music stored in an AWS bucket. Functions similar to Spotify, but with your own personal owned music!

Location of Hardcoded Credentials #1

Open Eaderibigbe opened 8 years ago

Eaderibigbe commented 8 years ago

Hello, can you please specify the location to put the keys required to run this app? Regards, Emmanuel

mallouk commented 8 years ago

Sorry Emmanuel. I can't share my keys for this application. The reason is that it'd be a security issue. (Also, I keep my playlist of music to myself).

The way it generally is supposed to work (I can't remember if my comments in the code went in depth about this), but the user of the application is supposed to create an AWS (Amazon Web Services) account and create some S3 buckets to actually play the music for their playlist. Within the AWS account itself there is an option to generate keys (public/private infrastructure keys). The keys you generate will be hardcoded into the app (as you've found out) and the S3 bucket you create will also be hardcoded into the app as well (I believe the hardcoded term I used in my code was "musicapp"). The creation of the S3 bucket is free and everything up to about 10GB (I believe) is free. Amazon will need to keep a credit card on file (as it typically does for purchases and things). Everything else should be already set in place.

So to wrap up and answer your question you need to do a few things:
1) Make an AWS account
2) Generate some keys to go with your AWS account (should be able to google that one and find tutorials/documentation on it).
3) Create your S3 bucket
4) Hardcode in your keys and S3 bucket name into the app (not the most elegant solution, but eh, it's good enough)
5) Compile your code and push it to your phone.

You should be good by that point. Currently my app filters out any files on the S3 bucket that are not mp3s. You can tweak that yourself if you like in the code. Another thing to note, if you're making changes to my app and fork it for your own processes, make sure you take out your public/private keys before pushing to GitHub... otherwise you'll get a nice little call from Amazon saying that your keys have been compromised.

Eaderibigbe commented 8 years ago

Hi Matthew, Thanks for your prompt response. I am actually not asking for your keys as I understand the security implications. My request is where in your application is this declared.

Thanks

On 14 Jun 2016 13:59, "Matthew Jallouk" notifications@github.com wrote:

> Sorry Emmanuel. I can't share my keys for this application. The reason is that it'd be a security issue. (Also, I keep my playlist of music to myself).
>
> The way it generally is supposed to work (I can't remember if my comments in the code went in depth about this), but the user of the application is supposed to create an AWS (Amazon Web Services) account and create some S3 buckets to actually play the music for their playlist. Within the AWS account itself there is an option to generate keys (public/private infrastructure keys). The keys you generate will be hardcoded into the app (as you've found out) and the S3 bucket you create will also be hardcoded into the app as well (I believe the hardcoded term I used in my code was "musicapp"). The creation of the S3 bucket is free and everything up to about 10GB (I believe) is free. Amazon will need to keep a credit card on file (as it typically does for purchases and things). Everything else should be already set in place.
>
> So to wrap up and answer your question you need to do a few things:
> 1) Make an AWS account
> 2) Generate some keys to go with your AWS account (should be able to google that one and find tutorials/documentation on it).
> 3) Create your S3 bucket
> 4) Hardcode in your keys and S3 bucket name into the app (not the most elegant solution, but eh, it's good enough)
> 5) Compile your code and push it to your phone.
>
> You should be good by that point. Currently my app filters out any files on the S3 bucket that are not mp3s. You can tweak that yourself if you like in the code. Another thing to note, if you're making changes to my app and fork it for your own processes, make sure you take out your public/private keys before pushing to GitHub... otherwise you'll get a nice little call from Amazon saying that your keys have been compromised.


mallouk commented 8 years ago

Hey Emmanuel. Sorry for the late response. Can you clarify your question exactly? Like where do you place the hardcoded keys?

There should be two empty strings inside the AmazonAccountKeys.java file (located in the musicstreamer directory). The two particular strings you'll need to tweak are the publicKey string and privateKey string. Obviously the strings are somewhat self-explanatory as to what goes in them.

As long as you tweak that bit of code and have valid keys and an AWS account, it should work. Let me know if you have any more questions!
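
The check that the warning about pushing keys to GitHub calls for, as an added example that is not part of this thread or of the MusicStreamer code: a scan to run before committing that flags non-empty `publicKey`/`privateKey` strings and anything shaped like an AWS access key ID. The declaration shape inside AmazonAccountKeys.java and the script name `check_keys.py` are assumptions; the sample key values are the placeholders AWS uses in its own documentation.

```python
import re
import sys

# AWS access key IDs are 20 characters; long-term keys start with AKIA,
# temporary (STS) keys with ASIA.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Assumed declaration shape: String publicKey = "..."; (not taken from the repo)
KEY_FIELD = re.compile(r'\b(publicKey|privateKey)\s*=\s*"([^"]*)"')

# Constructed samples: the file as it should be pushed, and after local setup.
CLEAN = '''public class AmazonAccountKeys {
    private String publicKey = "";
    private String privateKey = "";
}'''
FILLED = '''public class AmazonAccountKeys {
    // rotated key: AKIAIOSFODNN7EXAMPLE
    private String publicKey = "AKIAIOSFODNN7EXAMPLE";
    private String privateKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
}'''


def find_committed_keys(java_source):
    """Return (line_number, reason) for each line that appears to hold a key."""
    findings = []
    for lineno, line in enumerate(java_source.splitlines(), start=1):
        field = KEY_FIELD.search(line)
        if field and field.group(2).strip():
            findings.append((lineno, f"{field.group(1)} is not empty"))
        elif ACCESS_KEY_ID.search(line):
            # Catches keys left in comments or in other variables.
            findings.append((lineno, "AWS access key ID pattern"))
    return findings


def safe_to_push(java_source):
    """True only when no key field is filled in and no key ID pattern appears."""
    return not find_committed_keys(java_source)


if __name__ == "__main__":
    # Hypothetical usage: python check_keys.py path/to/AmazonAccountKeys.java
    status = 0
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as handle:
            for lineno, reason in find_committed_keys(handle.read()):
                print(f"{path}:{lineno}: {reason}")
                status = 1
    sys.exit(status)
```

Run from a Git pre-commit hook, the non-zero exit status stops the commit while the key strings are still filled in.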