Quick glance through the code doesn't reveal any major risks, actually seems to be fairly well written. Author seems to like to write a lot of static methods/utility classes rather than rely on composition using dependency injection... not exactly a modern development style but it's good enough. Author avoids needless abuse of software patterns. It'd be pretty easy to do a security audit on this code base.
On a side note... We've largely solved the "key distribution" problem by storing public SSH keys in LDAP. OpenSSH 6.6+ (I think) has a AuthorizedKeysCommand that can execute a script. We have a script that does an LDAP search to pull the public keys for the incoming user.
3 comments
[ 3.2 ms ] story [ 22.0 ms ] threadQuick glance through the code doesn't reveal any major risks, actually seems to be fairly well written. Author seems to like to write a lot of static methods/utility classes rather than rely on composition using dependency injection... not exactly a modern development style but it's good enough. Author avoids needless abuse of software patterns. It'd be pretty easy to do a security audit on this code base.