New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for encrypting data sent to Geckoboard. #18
Conversation
Hi Jeremy, Thanks for developing this feature! PyCrypto is required for this feature, and I think it should be an optional dependency. Do you agree? That would mean adding the dependency to Could you also add some documentation in Joost |
Hi Joost, Thanks for the feedback. Yes, I think it makes sense to make it an optional Sure, I'll add some documentation. Jeremy On Tue, Oct 1, 2013 at 3:26 PM, Joost Cassee notifications@github.comwrote:
|
Although I have never used optional dependencies myself, I expect this would be the right way to extend
If another projects depends on django-geckoboard with encryption, it could do so by adding The import itself would go something like this:
|
I'm still not clear how this would work in my use case. I don't have a separate class WidgetDecorator(object):
...
def __new__(cls, *args, **kwargs):
obj = object.__new__(cls)
obj._encrypted = None
if 'encrypted' in kwargs:
if not encryption_enabled:
raise GeckoboardException('pycrypto package required for use of encryption')
obj._encrypted = kwargs.pop('encrypted') |
Although it is not well documented, pip also supports the optional dependency syntax. See also the links in this StackOverflow question The problem with making the dependency hard is that PyCrypto is a C extension, which makes it more difficult to install than a plain Python one. The way you suggest checking if PyCrypt is installed sounds good. |
- Fix comment (character encoding issue)
Hi Joost, I finished making pycrypto a dependency on the encryption feature and also finished adding comments to Jeremy |
Add support for encrypting data sent to Geckoboard.
Thanks a lot, Jeremy! |
One question, is encryption only possible for JSON output, or XML too. I cannot find any docs in the Geckoboard knowledgebase... |
JSON only. I've attached the document Rob sent me. I don't think it's in JJ On Mon, Oct 7, 2013 at 1:26 PM, Joost Cassee notifications@github.comwrote:
|
Thanks for the info. The attachment did not come through, but that's alright. I think the decorator should reject sending XML in plain text if encryption is requested, as the data is probably sensitive. Not doing this would even open up the possibility of a man-in-the-middle attack where the attacker changes the request to add the format parameter to make the widget output XML instead of JSON. I also merged Rob's pull request. Although the tests still pass, could you check I did not make any mistake? |
Last commit raises |
Excellent point. Your changes look good to me. On Mon, Oct 7, 2013 at 1:47 PM, Joost Cassee notifications@github.comwrote:
|
Great, thanks. If Rob also gives green light I will upload a new version to PyPI. |
Let me know when you've updated PyPI. I'm anxious to update our production On Mon, Oct 7, 2013 at 2:09 PM, Joost Cassee notifications@github.comwrote:
|
I have not heard from Rob, so I'm assuming everything is alright. I'll make a release. |
Awesome, thanks! On Thu, Oct 10, 2013 at 3:48 AM, Joost Cassee notifications@github.comwrote:
|
Geckoboard is adding support for a feature called client encryption that allows encrypting data sent to Geckoboard and is decrypted client-side after entering the password used for encryption.
This pull request proposes enabling encryption using a decorator argument as follows: