ropsec: a package for easing operations security for the R user

D43a2505af873d7e10a7d5477fd46586?s=47 Ildikó Czeller
July 11, 2019
Programming
2
110

ropsec: a package for easing operations security for the R user

D43a2505af873d7e10a7d5477fd46586?s=128

Ildikó Czeller

July 11, 2019
Tweet

More Decks by Ildikó Czeller

See All by Ildikó Czeller
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
77
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
12
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
16
D43a2505af873d7e10a7d5477fd46586?s=48 czeildi
0
110

Other Decks in Programming

See All in Programming
9af444e4e7110845f0b3319efb1ca252?s=48 920oj
1
680
0ca0c0ec6efe3a7f5220332a910e6da0?s=48 shinyoshiaki
1
510
Bf3acef686273e03fa4fdf125fdad3e9?s=48 kuncevic
0
120
Aae878e0b108379a60ca627ee262befa?s=48 susanpotter
0
170
D360f2c7f29fa7e28e3e648031fbe2f3?s=48 kajyuuen
0
100
719435d98d452de7ac367c828266cf01?s=48 erikaheidi
5
3.5k
817e89f88197980860f1854b74fbee25?s=48 lcdsmao
2
340
Fc96157614ee73039c4a575906167979?s=48 fukumura
0
260
137d3908243acfc30e126615d59d4e6d?s=48 glaforge
0
210
F54b73a93fb75a12fa6c28b26ca0bb62?s=48 kawakawaryuryu
0
120
9ae4f3862d4cb0771cfd36e43252f755?s=48 kurotanshi
0
240
5fc8ab822e946a8ddfa46ba15a848392?s=48 fuqda
1
150

Featured

See All Featured
E13c31390e0369fcd5972292ce0e7b92?s=48 jnunemaker
40
4.3k
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
2
410
44b54d2ffcb7857004071cc6795dde11?s=48 cassininazir
342
20k
4394ceb8b277f35ee3da7030384efb5d?s=48 davidbonilla
68
3.4k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
319
53k
15f2b8221f247985a27a627d2ece72f0?s=48 pauljervisheath
193
15k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
447
35k
761be20b5ebd271008bcee1244fc5b52?s=48 matthewcrist
70
7k
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
110
24k
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
274
31k
016edace78ffe826f2348d1e0c504afd?s=48 maggiecrowley
2
180
B83d5b590577969ee79a5ad845411a7d?s=48 ammeep
652
54k

Transcript

  1. {ropsec}: R OPerations SECurity unconf ‘18 project on GitHub

  2. ... but unnecessarily hard @czeildi Data Scientist @Emarsys security is

    important ...

  3. Are you who you say you are? verify authenticity of

    commits @czeildi Data Scientist @Emarsys

  4. without signing @czeildi Data Scientist @Emarsys

  5. with signing @czeildi Data Scientist @Emarsys

  6. • Person 1 as person 1: good commit • Person

    2 as person 2: good commit • Person 3 as person 1: evil commit @czeildi Data Scientist @Emarsys

  7. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  8. @czeildi Data Scientist @Emarsys GitHub / web of trust sign

    with , GitHub verifies with

  9. specific technology • OpenPGP: standard • gpg : low-level •

    ropsec : end2end @czeildi Data Scientist @Emarsys

  10. ropsec::sign_commits_with_key() Do you want to sign future commits with `9958986BA31B2E1E`?

    This will set your user.email from example@gmail.com to test@test.com. 1: Yes 2: No reduce risk of mistake @czeildi Data Scientist @Emarsys

  11. ropsec::store_public_key() Public GPG key is uploaded to GitHub. Unauthorized request.

    Check your token. Uploaded key is unverified, emails do not match. Delete the key (https://github.com/settings/keys) and try again. communicate status @czeildi Data Scientist @Emarsys

  12. • askYesNo, getPass::getPass • git2r::config • gpg::gpg_keygen testing global changes

    @czeildi Data Scientist @Emarsys

  13. #throws error if password prompt cancelled: stub(generate_key, "getPass::getPass", NULL) expect_error(

    generate_key("John Doe", "jd@example.com"), "GPG key generation cancelled by user" ) testing global changes @czeildi Data Scientist @Emarsys

  14. ropsec::full_on_audit()$suggestions • Use SSH key of size at least 2048

    • Install a PAM module for password strength testing like pam_cracklib audit your computer in detail @czeildi Data Scientist @Emarsys

  15. {ropsec}: available on GitHub • sign your commits • audit

    your computer