Custom plug-ins for Studio Server can contain secret values such as passwords and IDs for connecting to various platforms.
When the wwtest/wwinfo.php file is called in Studio Server, constants whose value is a secret are displayed in plain view.
To secure these values by obfuscating them, do the following:
Step 1. Add the defines in a configuration file (such as a file named <plug-in name>_config.php) and make it part of your plug-in.
Step 2. Add a connector to your plug-in:
<plug-in name>_ConfigFiles.class.php
The content of the file should be as shown below.
Add your defines and their secret values (in the example 'optionName' and 'MY_BIG_SECRET'). Also replace all instances of <plug-in name> with the name of your plug-in.
<?php declare(strict_types=1);

require_once BASEDIR.'/server/interfaces/plugins/connectors/ConfigFiles_EnterpriseConnector.class.php';

class <plug-in name>_ConfigFiles extends ConfigFiles_EnterpriseConnector
{
    // Register the configuration file of the plug-in.
    final public function getConfigFiles()
    {
        return [ '<plug-in name>_config.php' => BASEDIR.'/config/plugins/<plug-in name>/config.php' ];
    }

    // Return the value to display for an option; secret options are replaced by a mask.
    final public function displayOptionValue( $configFile, $optionName, $value )
    {
        require_once BASEDIR.'/config/plugins/<plug-in name>/config.php';
        if( $optionName === 'MY_BIG_SECRET' ) {
            $value = '***';
        }
        return $value;
    }
}
This way the value of 'MY_BIG_SECRET' is obfuscated, even when it has been added to the config_overrule.php file.
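When a plug-in defines more than one secret, the single comparison in displayOptionValue can be replaced by a lookup. The following is an added example, not code from Studio Server or from this article: it goes beyond the single-option case by masking a list of names plus any option whose name looks like a credential. SecretOptionMasker, the name pattern and the MYPLUGIN_* options are hypothetical names chosen for illustration.

```php
<?php declare(strict_types=1);

// Added example: SecretOptionMasker is a hypothetical helper, not a Studio Server class.
final class SecretOptionMasker
{
    // Fixed-length mask, so the output does not reveal the length of the secret.
    private const MASK = '***';

    // Fallback: option names containing these fragments are treated as secret
    // even when nobody remembered to list them explicitly.
    private const NAME_PATTERN = '/PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY/i';

    /** @var array<string,bool> explicitly listed secret option names */
    private $listed;

    public function __construct( array $secretNames )
    {
        $this->listed = array_fill_keys( $secretNames, true );
    }

    public function isSecret( string $optionName ): bool
    {
        return isset( $this->listed[$optionName] )
            || preg_match( self::NAME_PATTERN, $optionName ) === 1;
    }

    /** Returns the mask for secret options and the untouched value otherwise. */
    public function mask( string $optionName, $value )
    {
        return $this->isSecret( $optionName ) ? self::MASK : $value;
    }
}

// Inside displayOptionValue() the body would reduce to:
//     return $masker->mask( $optionName, $value );

// Constructed sample options; names and values are made up for this demo.
$options = [
    'MY_BIG_SECRET'      => 's3cr3t-value',                // listed explicitly
    'MYPLUGIN_CLIENT_ID' => 'client-0001',                 // listed explicitly
    'MYPLUGIN_API_TOKEN' => 'abc123',                      // caught by the name pattern
    'MYPLUGIN_ENDPOINT'  => 'https://example.invalid/api', // not secret, shown as is
    'MYPLUGIN_TIMEOUT'   => 30,                            // not secret, shown as is
];
$masker = new SecretOptionMasker( [ 'MY_BIG_SECRET', 'MYPLUGIN_CLIENT_ID' ] );
foreach( $options as $name => $value ) {
    printf( "%-20s %s\n", $name, var_export( $masker->mask( $name, $value ), true ) );
}
```

Run the script with the PHP command-line interpreter to confirm which options are masked before moving the lookup into the connector.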