Azure: CloudQueue and security, put a Access Key into a CloudQueueMessage
https://stackoverflow.com/questions/11879901
-
25-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
To give some work to my (workers) roles I put - into a queue - a message like:
"connectionString inputContainerName outputContainerName WorkToDo"
connectionString is an azure connection string as:
"DefaultEndpointsProtocol=https;AccountName=my_name;AccountKey=my_key"
It is a local app which put this message on a CloudQueue on azure.
And after this CloudQueue is read by Workers Roles in Azure.
Is it a good idea ?
Is this way secure ?
La solution
If you use HTTPS for sending messages to the queue this is secure. You can only read the queue if you have the primary or secondary access key, so reading using HTTPS is also secure.
But why would you want to send the access key in the queue message? You're not sending the account name, so this is already a problem. But your workers will need an account name + key to read from the queue, so why not have them read from the containers directly aswell? Even if you use a different storage account, you could save that info in a different setting in your ServiceConfiguration.cscfg
