conduit icon indicating copy to clipboard operation
conduit copied to clipboard

Published 20 hours ago verified publisher icon ConduitIO

Feature: Hash sum validation for connectors

Open hariso opened this issue 2 years ago • 1 comments

Feature description

Conduit connectors are go-plugin clients, and go-plugin supports hash sum validations for those:

// SecureConfig is used to configure a client to verify the integrity of an // executable before running. It does this by verifying the checksum is // expected. Hash is used to specify the hashing method to use when checksumming // the file. The configuration is verified by the client by calling the // SecureConfig.Check() function. // // The host process should ensure the checksum was provided by a trusted and // authoritative source. The binary should be installed in such a way that it // can not be modified by an unauthorized user between the time of this check // and the time of execution.

Source: https://github.com/hashicorp/go-plugin/blob/master/client.go#L230-L239

This can be used to increase a Conduit operator's confidence that the plugins used haven't been tampered with.

hariso avatar Aug 23 '22 08:08 hariso

bring this up during the next release cycle.

uchennakevinm1 avatar Sep 06 '22 15:09 uchennakevinm1