Data Protection on Linux & OSX stores keys unencrypted in the user profile directory #111

Open
blowdart opened this issue Nov 17, 2015 · 0 comments

Comments

@blowdart
Member

Please direct discussion to aspnet/DataProtection#108

The Data Protection stack creates a key ring and rotates keys on a regular basis. Under OSX and Linux, keys are stored unencrypted under the user profile path, in ~/.aspnet/DataProtection-Keys.

You should ensure permissions on this directory are limited to the user account your application runs as. You can review permissions with ls -l path and adjust permissions using chmod. chmod 700 will limit read, write and execute permissions to the directory owner.

We are still examining options for better protection on these platforms.

@blowdart blowdart added this to the 1.0.0-rc1 milestone Nov 17, 2015
@aspnet aspnet locked and limited conversation to collaborators Nov 17, 2015
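
The review-and-restrict step described in the issue, as an added shell example that is not part of the issue or of the project's code. The function names `keyring_findings`, `keyring_audit` and `keyring_harden` are hypothetical, the default path is the one given in the issue, and setting key files to 600 goes one step beyond the `chmod 700` on the directory that the issue mentions.

```shell
#!/bin/sh
# Added example: audit and tighten the Data Protection key ring directory.
# Function names are hypothetical; the default path is the one from the issue.
KEYRING_DEFAULT="$HOME/.aspnet/DataProtection-Keys"

# List (ls -ld) every entry under $1 that grants any group/other permission bit
# or is not owned by the current user. Only POSIX find primaries are used, so
# the check behaves the same on Linux and OSX.
keyring_findings() {
    find "${1:-$KEYRING_DEFAULT}" \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \
        -o ! -user "$(id -u)" \) -exec ls -ld {} +
}

# Return 0 if the key ring is private to the current user, 1 if anything is
# exposed (offending entries go to stderr), 2 if the path is unusable.
keyring_audit() {
    dir=${1:-$KEYRING_DEFAULT}
    if [ -L "$dir" ]; then
        echo "refusing to follow symlink: $dir" >&2
        return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    findings=$(keyring_findings "$dir")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" >&2
    return 1
}

# Apply chmod 700 to the directory tree and 600 to the key files inside it.
keyring_harden() {
    dir=${1:-$KEYRING_DEFAULT}
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        return 2
    fi
    find "$dir" -type d -exec chmod 700 {} +
    find "$dir" -type f -exec chmod 600 {} +
}
```

Run `keyring_audit` as the account the application runs as, since the ownership check compares against the current user.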