| View previous topic :: View next topic |
| Author |
Message |
RickKruer
Joined: 11 Jan 2008
Posts: 4
Location: Mesa, Arizona 85213, USA, Planet Earth
|
 Posted: Fri Jan 11, 2008 2:45 pm Post subject: Access Key/Secret Key Encrypted When Saved in Quick Connect? |
Reply with quote - |
|
hello,
I am testing BucketExplorer and like it very much (although I would prefer a native Windows program instead of Java, but I understand the lure of writing for multiple platforms).
When I save my AWS Access Key and Secret Key in a Named Quick Connect slot, where is this data kept?
In the Windows registry?
Or in a config file on the filesystem?
Is this data encrypted so a casual user cannot view the config file and see my Access key and Secret key?
thanks, Rick |
|
| Back to top |
|
Saurabh Dani
Administrator
Joined: 04 Nov 2006
Posts: 469
Location: Secaucus, NJ
|
| Posted: Fri Jan 11, 2008 2:56 pm Post subject: Re: Access Key/Secret Key Encrypted When Saved in Quick Conn |
Reply with quote - |
|
| RickKruer wrote: | hello,
I am testing BucketExplorer and like it very much (although I would prefer a native Windows program instead of Java, but I understand the lure of writing for multiple platforms). |
We are getting more Mac & Linux users then what we had originally hoped. So, this was truly a good choice for us:)
| RickKruer wrote: |
When I save my AWS Access Key and Secret Key in a Named Quick Connect slot, where is this data kept?
thanks, Rick |
It is stored in a file called BucketExplorer.xml, and that file is stored in same folder where BucketExplorer.exe is extracted. We do NOT even TOUCH the registry. You can take the entire bucket explorer folder on a USB key and use it from any machine. Even the installer does not write anything to registry. Its "Self Extractor zip" and not an installer.
Yes the keys are encrypted in that XML file.
Thanks
Saurabh |
|
| Back to top |
|
RickKruer
Joined: 11 Jan 2008
Posts: 4
Location: Mesa, Arizona 85213, USA, Planet Earth
|
| Posted: Fri Jan 11, 2008 3:19 pm Post subject: |
Reply with quote - |
|
Thank you for the info about the secret keys kept in the XML file. I am wondering how "strong" an encryption do you use on this or it is a simple scramble that would be easily discovered by reversing the scramble?
Also, I am concerned about the security of using Quick Access, since Bucket Explorer permits direct access to my files on AWS, anyone that can access my computer and start Bucket Explorer has keys to the kingdom of all my unencrypted files on AWS.
I realize I can NOT use Quick Access, but that is a real pain to enter both the Access key and Secret key each time I start Bucket Explorer.
Would it be possible to add a "user defined password" option that would be required to start Bucket Explorer. Alternately, you could make the Quick ACcess item require a password, so that when I select a Quick Access item then BE will prompt me for the config password.
thanks, RIck |
|
| Back to top |
|
Saurabh Dani
Administrator
Joined: 04 Nov 2006
Posts: 469
Location: Secaucus, NJ
|
| Posted: Fri Jan 11, 2008 3:32 pm Post subject: |
Reply with quote - |
|
| It is not a simple scramble, but its not 100% secure. So yes, we can do what you are suggesting. We can add this in the next release. |
|
| Back to top |
|
|
Home
.
About us .
Contact us .
Privacy
.
Blog
