From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Adam Porter Newsgroups: gmane.emacs.devel Subject: Re: Storing sensitive data indefinitely in variables or buffers: Whether and how to fix? Date: Thu, 1 Jun 2023 15:47:39 -0500 Message-ID: <5b541bf1-1d13-ac8e-a91c-e1b238cc6f84@alphapapa.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="19538"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Cc: adam@alphapapa.net, emacs-devel@gnu.org, yantar92@posteo.net To: jschmidt4gnu@vodafonemail.de Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Jun 01 22:48:37 2023 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q4pDn-0004nT-RE for ged-emacs-devel@m.gmane-mx.org; Thu, 01 Jun 2023 22:48:36 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q4pD6-0001Md-8X; Thu, 01 Jun 2023 16:47:52 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q4pD1-0001M5-DG for emacs-devel@gnu.org; Thu, 01 Jun 2023 16:47:47 -0400 Original-Received: from cross.elm.relay.mailchannels.net ([23.83.212.46]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q4pCz-0007vU-3R for emacs-devel@gnu.org; Thu, 01 Jun 2023 16:47:46 -0400 X-Sender-Id: dreamhost|x-authsender|adam@alphapapa.net Original-Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 751796C1502; Thu, 1 Jun 2023 20:47:37 +0000 (UTC) Original-Received: from pdx1-sub0-mail-a222.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id EBF346C1154; Thu, 1 Jun 2023 20:47:36 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1685652457; a=rsa-sha256; cv=none; b=d4SWoxZpnmW5a1AjdMcCfavMgsGuRszM5ZK/sv2pzweBTkPTVdHXFpbJfCLsQtMXkhqqGM 5UBU9yU3uNK1YSmczmfRvyFK8ZoHyH1mWyIPjZCiF6XOB/uNHO+zer4nPB3l57LzF+8CoB SKN2MefNMLkhHy7MopFN6xKMsR/3GP1DalyDPXPskBxcpowOGJhs5MQ0d/xJbwgOz49sV9 JwGZ+EagWQP56vq8O4UcEekzQWQOKLsEFVsBq7jgZChOVxUBmhz1WB4CpR9ex0h4AHoSjl QvBOjl2Tb1xd4jO7qr2DOOlYMo/iFEOIhpj31/aTFgDYBjgGt+qZZr06PfOhFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1685652457; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=e2+PHabeBOPhKn6DC7Cil/XI4j6mjcJKJQYnKPK9shY=; b=2NqarT2wsNtjO19t8C/FLDv3uhKsMJb+z/eOCuOzRcIc/0cAoE7f85GjB9OfNeSHwYGL5W XZz3b9E+H4kim7H2dMesM56v3f3gLcJ18vOlTDeGRJNIjs+Z0pllRdCN4Hc77S31Awkv5Z CsHjYROVpRo1tUSLcrlvgGeAYbmfSFUEw67HBPnV/8WSzpX5zoWUATppUHb8fvc3SNrkwO ipq8tvfJhHif+mOXJf8fK+ky84D/cGED2p1dVlT/yv/SNzbgw1aBGR2aupcUh0NVToOCi4 m2+rK33DsCI2E1UwbPtNRLpNcaVqiPiGIs50C5yzq9B/xobSvPhxMVDhexDg/w== ARC-Authentication-Results: i=1; rspamd-6d9fc76ff9-99bkf; auth=pass smtp.auth=dreamhost smtp.mailfrom=adam@alphapapa.net X-Sender-Id: dreamhost|x-authsender|adam@alphapapa.net X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|adam@alphapapa.net X-MailChannels-Auth-Id: dreamhost X-Thoughtful-Troubled: 3a7f9a367a09b50b_1685652457250_56574768 X-MC-Loop-Signature: 1685652457250:4279032106 X-MC-Ingress-Time: 1685652457250 Original-Received: from pdx1-sub0-mail-a222.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.119.120.12 (trex/6.8.1); Thu, 01 Jun 2023 20:47:37 +0000 Original-Received: from [10.60.1.78] (unknown [193.56.117.222]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: adam@alphapapa.net) by pdx1-sub0-mail-a222.dreamhost.com (Postfix) with ESMTPSA id 4QXJ9N2JHyzM5; Thu, 1 Jun 2023 13:47:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alphapapa.net; s=dreamhost; t=1685652456; bh=e2+PHabeBOPhKn6DC7Cil/XI4j6mjcJKJQYnKPK9shY=; h=Date:To:Cc:Subject:From:Content-Type:Content-Transfer-Encoding; b=DbSlt4X/YuMz9UXPbhpkH1Ruakq1YBvP3YlA0ORi7+s7Ju1gbSy9p9LhDI5pcIXWC YcpeVLTubabZcYHbyBjTcDD45jb0cD5aJRbj+/OCNX0zu/eqBxgEfqyXMqpC4V8EQA JRKwQiiE/qu3WrdCGwIQBoq1csnDLmW/Mtlv86tLEn/bA67Xq510njgiXVAZPlhvfx 8bWOjeYqEcp8Wi+BGZi8KVg73/uE9X/7G+aQLEM4OnnYKemuVXnAB8md6dEfDmcA7C m8H7b0QaYFGmu/itEw69VrNmncg/MfxNG0kypaT/C8vBXcJo/VT7nlwVMvyVFp6GNC S4ZTQ2OpP0vHQ== Content-Language: en-US In-Reply-To: Received-SPF: neutral client-ip=23.83.212.46; envelope-from=adam@alphapapa.net; helo=cross.elm.relay.mailchannels.net X-Spam_score_int: -13 X-Spam_score: -1.4 X-Spam_bar: - X-Spam_report: (-1.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:306530 Archived-At: Thanks to all for the discussion on this thread. IMHO expiry is an orthogonal issue to, at least, the kind of backend data storage/retrieval library I'm asking for. I think it should be up to the application to prune the data according to its needs. The storage API should simply save and return data to the application. So if the application wants to expire some data, it should retrieve the collection, discard elements it doesn't need anymore, and rewrite the collection using the library's API. plstore looks like an interesting library, but even that looks like more than the simple solution I'm wishing for. I'm not sure that, as an application author, I should need to care about which keys in a record are encrypted or not. I just want to do something simple and Lispy, like: (alist-get "@alphapapa:matrix.org" (secure-storage 'ement-sessions)) To get my Matrix session's data. Or: (map-nested-elt (secure-storage 'ement-sessions) '("@alphapapa:matrix.org" token)) to get that session's token. And then: (setf (map-nested-elt (secure-storage 'ement-sessions) '("@alphapapa:matrix.org" token)) "foobarbaz") to write the data to the secure storage. And then the secure-storage library should automatically handle the encryption/decryption, filesystem location, backend format, prompting the user for a key and/or caching it appropriately, etc. I think this is the simplest kind of API that could be useful to applications--and it would be really useful.