How can we improve Azure Storage?

Fix Azure Storage Emulator security issue by enabling a custom or random storage key

We are not allowed to provide the storage emulator to our developers because of the security issues of its design!

Possible to have a custom storage key for devstoreaccount1 (or a randomly created one) via e.g. "AzureStorageEmulator newKey"?

Current implementation is a security issue because a) it is a default password, which against almost all compliance frameworks, b) you are storing it hardcoded in cleartext in the configuration file.

The hashed form (preferably via SHA256 or SHA512) can then be stored on local file system instead of the cleartext one. (a good idea could be using SHA512CryptoServiceProvider for preventing errors on systems where FIPS compliance GPO is set)

2 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    MichaelMichael shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    0 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...

      Feedback and Knowledge Base