Obfuscating secret values in custom server plug-ins for Studio Server

Custom plug-ins for Studio Server can contain secret values such as passwords and IDs for connecting to various platforms.

When the wwtest/wwinfo.php file is called in Studio Server, constants of which the value is a secret are openly displayed.

To secure these values by obfuscating them, do the following:

Step 1. Add the defines in a configuration file (such as a file named <plug-in name>_config.php) and make it part of your plug-in.

Step 2. Add a connector to your plug-in:

<plug-in name>_ConfigFiles.class.php

The content of the file should be as shown below.

Add your defines and their secret values (in the example 'optionName' and 'MY_BIG_SECRET'). Also replace all instances of <plug-in name> with the name of your plug-in.

Copy the code

<?php declare(strict_types=1);
require_once BASEDIR.'/server/interfaces/plugins/connectors/ConfigFiles_EnterpriseConnector.class.php';

class <plug-in name>_ConfigFiles extends ConfigFiles_EnterpriseConnector
{
	final public function getConfigFiles()
	{
		return [ '<plug-in name>_config.php' => BASEDIR.'/config/plugins/<plug-in name>/config.php' ];
	}

	final public function displayOptionValue( $configFile, $optionName, $value )
	{
		require_once BASEDIR.'/config/plugins/<plug-in name>/config.php';
		if( $optionName === 'MY_BIG_SECRET' ) {
			$value = '***';
		}
		return $value;
	}
}

This way the value 'MY_BIG_SECRET' will be obfuscated, also when it has been added to the config_overrule.php file.