How to store credentials in Power BI DataConnector?

I'm building a custom Power BI DataConnector that uses OAuth. I'm following the GitHub example for OAuth. But this stores client credentials (required for the 'code flow') as a plain text file. Is there a secure alternative?

Unfortunately, according to Microsoft employee Curt Hagenlocher, there is no way to securely protect these credentials given the current "state of the art":

There is no way to protect a secret on someone's desktop. That's why some OAuth providers (like AAD) support a "native app" mode where there's a client id but no secret. The most recent development in this space is PKCE, and we're aiming to have sample code for that later this year.

In principle, a secret could be supplied separately for service use -- and I'd like to see us do that some day -- but there's a lot of infrastructure which would need to be created to support that.

I suggested encrypting the module itself, and Curt's response was that this would be ineffective as well:

All someone needs to do is have Fiddler running and they can see exactly what secret is being sent to the token endpoint.

Full conversation:

https://github.com/microsoft/DataConnectors/issues/298