Force login for command line actions?


(Frank Mittendorf) #1

Hello Flow developers!

I want to protect some custom commands (on command line).
Therefore I want to use a token, but I’m unsure if it’s possible to use the Flow security framework because there is no “request”.

Does anyone have any suggestions?
Thanks!

Frank


(Robert Lemke) #2

Hi Frank,

the security framework is not active during CLI requests because under normal circumstances it would be relatively easy to circumvent security measures, because you have access to all code and data. For example, a user can display all settings (including credentials) with ./flow configuration:show --type Settings.

Depending on your use case you might want to look into other ways to protect your commands (with external tools).

Robert


(Frank Mittendorf) #3

Hi Robert,

Thanks for your reply!
Yes, I know, anybody can access all code from command line.
The background of my question is, some code should be executed by “Scheduler.Master” to import data from external sources. Of course the scheduler has to know the credentials too.
And yes, it’s a general problem of all scripts, which i.e. have access to databases and so on.

But thank you for your info about security framework and CLI!

Frank