eantyshev commented on code in PR #24287: URL: https://github.com/apache/beam/pull/24287#discussion_r1029607531
########## learning/tour-of-beam/backend/README.md: ########## @@ -101,7 +103,9 @@ gcloud datastore indexes create ./internal/storage/index.yaml for endpoint in getSdkList getContentTree getUnitComplete getUserProgress postUnitComplete postUserCode; do gcloud functions deploy $endpoint --entry-point $endpoint \ --region $REGION --runtime go116 --allow-unauthenticated \ - --trigger-http --set-env-vars="DATASTORE_PROJECT_ID=$PROJECT_ID,GOOGLE_PROJECT_ID=$PROJECT_ID" + --trigger-http \ + --set-env-vars="DATASTORE_PROJECT_ID=$PROJECT_ID,GOOGLE_PROJECT_ID=$PROJECT_ID" \ + --set-secrets 'PERSISTENCE_KEY_SALT=persistence_key_salt:latest"

Review Comment:
If we don't set PERSISTENCE_KEY_SALT in postUserCode CF, then empty salt is used, and everything works but with some minor security risks:
It would be possible to calculate the persistence_key for another user as `sha256(SDK, unitID, userID)`.
But Firebase User ID isn't exposed either, unless someone is already eavesdropping on another user's session. Quite a minor risk, maybe.
But if at some point we decide to set PERSISTENCE_KEY_SALT non-empty, there'll be no way to keep user progress, so better to decide now.
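Review bot: the added `--set-secrets` line opens its value with a single quote and closes it with a double quote (`'PERSISTENCE_KEY_SALT=persistence_key_salt:latest"`), so anyone pasting this loop from the README gets an unterminated string and the deploy never runs. Close it with a matching single quote. Two smaller points on the same line: it sits inside the `for endpoint in ...` loop, so all six functions are granted the secret; if only postUserCode reads PERSISTENCE_KEY_SALT, binding it for that one function keeps the salt readable by fewer services. And `:latest` means a new secret version is picked up on the next deploy, which would silently change every derived key; pinning a fixed version number in the README would make that a deliberate step.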
