by kkyryl
3340 days ago
Yes, that is correct. We actually started without keeping refresh tokens and only using access tokens – but they expire really fast and Google API randomly stops accepting them, so we had to start keeping refresh tokens as well. They are encrypted and can only be decrypted by "scan" and "action" (delete, trash, etc.) jobs. Job servers are not exposed to the outside and can only be accessed via the private network via SSH using access keys and only from a specific node which has those keys. Keys are password protected. Access to that specific node is restricted to a set of known public IP addresses. Database and job servers are different servers, of course. Database servers are also only accessible within the private network. The only thing that's publicly exposed is a load balancer.
To access anything else we log in to the "gateway" instance, which we access by IP only and it does not have any domain name associated with it. With all that – I am very open to ideas about protecting that further.