support for blackfire.io #211
I like the idea. I just don't like receiving sensitive data like the token.
Reasonable concern. I'll try to work something out with that.
Actually the server-id and token aren't very sensitive and can be shared. For reference: http://blog.blackfire.io/credentials.html
Yeah, that's what my understanding was, yet I've started implementing a prompt during vagrant provision. I can go that way, but I don't think it's necessary.
Documentation says: "The token-part especially must be kept secret. If you leaked it by mistake, you can and should regenerate it." I think a prompt during provision is a good option. Just warn the user in the UI that this is going to happen.
When you deploy Blackfire on a server only the server credentials matter and they can be leaked because they are used to say "anyone authorized for this server credential can profile this server". So if your server credentials leaked and if someone uses them on his server he will grant you the authorization of profiling his own server. Nothing else. Only the client credentials must be kept secret.
@@ -50,5 +50,21 @@ | |||
{% endfor %} | |||
</select> | |||
</div> | |||
<div class="field"> |
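Review bot: in the block opened by `<div class="field">` after the select, the inputs this PR adds for the Blackfire server id and token should be labelled explicitly as server credentials, with a short help text, so that nobody pastes the client token into the form. The discussion distinguishes the two pairs, and only the server pair is meant to be entered here.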
Can we add a link to https://blackfire.io/account/credentials or something? I think it would be handy.
I think we can trust @Nicofuma on this one as he should "know something" about this matter :) A prompt isn't a great idea because it'll break the automated part.
I've prepared a version with a prompt, but due to Vagrant limitations, only a "secret" (non-echoing) prompt will work. @InFog, which way do you want me to pursue?
@InFog the part of the documentation you've cited relates to the client token, which is not used here at all.
Updated the original PR to reflect @naxhh's remarks.
If the data is not sensitive, it's fine for me 👍 :)
Great :-) I've just tested the code again, works as expected.
Looks ok.
Sure thing :)
Thanks for this!
Thanks!
The PR adds support for the blackfire.io code analysis service. In the form you can provide the server id and token that are necessary for the profiler to work.