This project is read-only.

security

Apr 14, 2008 at 12:26 AM
I have been looking for an open source app which I can manage my Amazon S3 space easily with. After some quick tests with SpaceBlock maybe I have found an interesting candidate which could replace the s3fox addon for Firefox. Keep up the excellent work :-)
I am a little picky when it comes to password and security issues in general. Could you elaborate on this a little more, e.g. how the Amazon keys etc. are handled/stored. Thanks in advance.


Coordinator
Apr 14, 2008 at 1:39 AM
SpaceBlock saves all account settings locally on the client machine, but encrypts the Amazon secret key using the Windows DPAPI: http://msdn2.microsoft.com/en-us/library/ms995355.aspx

The "master password" serves as the entropy data for encryption/decryption, and is never stored on the disk. This is why you are prompted for it when your account settings change, or when you change passwords.

If you are concerned about transport-level security (network sniffing), you should select "use SSL" when setting up your accounts.

At the end of the day, no closed third-party libraries are used, so you can take a look at the source and see for yourself.

Let me know if you have any other specific concerns!

Thanks,
- John
Apr 16, 2008 at 12:19 AM
Thank you for your prompt reply.

Yes, if a developers application is obliged to integrate encryption open source software is the only way to go! Everyone can have a look...

I will continue to use the software and provide feedback when I come across an interesting new feature or a shortcoming.