by toast0
2543 days ago

The Atlassian response isn't great. But if you want to stay logged in beyond the process lifetime, that means storing the value on disk in a way that the software can read and use. The only way to protect that sort of token from disk access is to tie it into some secret storage that is protected with a strong credential -- either a TPM-tied key store, or full disk encryption. Otherwise, I can encrypt it all day long, but I'll have to store the key somewhere I can read it, which is fairly well useless -- someone reading your disk who can read the encrypted token is going to be able to read the key as well.