vcr icon indicating copy to clipboard operation
vcr copied to clipboard
verified publisher icon ropensci

Security for cached response bodies

Open sckott opened this issue 7 years ago • 4 comments

Some responses may have content that the user doesn't want to be on the public web unsecured. We currently have ability to replace sensitive strings with placeholders, but not the entire response body.

Perhaps it's easy enough to toggle a switch to write a secure hash of the response body rather than the text response body itself. With a secure env var for encrypt/decrypt.

🤔

sckott avatar Jun 14 '18 19:06 sckott

note to self: an example to play with is chimpr pkg where we don't want response bodies containing sensitive info to be public

sckott avatar Jun 14 '18 19:06 sckott

there doesn't seem to be anything about this in ruby vcr

sckott avatar Jun 14 '18 19:06 sckott

Perhaps it's easy enough to toggle a switch to write a secure hash of the response body rather than the text response body itself. With a secure env var for encrypt/decrypt.

Wow this sounds very cool. (well less so for external collaborators)

maelle avatar Feb 06 '20 09:02 maelle

it does seem doable at least, haven't tried it yet though

sckott avatar Feb 06 '20 17:02 sckott