Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(auth) validate deis cluster requests #7

Open
jackfrancis opened this issue Mar 18, 2016 · 3 comments
Open

(auth) validate deis cluster requests #7

jackfrancis opened this issue Mar 18, 2016 · 3 comments
Labels
security

Comments

@jackfrancis
Copy link
Member

This is a high-level issue to address the following concern:

  • How do we verify that a write-request (HTTP POST) originates from a real deis cluster?

We don't want to overly complicate things and, say, store user credentials. But we would like, longer term, to disallow random folks from reverse engineering our elegantly designed API and sending us bogus data.
@jackfrancis jackfrancis changed the title validate deis cluster requests (auth) validate deis cluster requests Apr 18, 2016
@arschles
Copy link
Member

@jackfrancis can you put this into a milestone?

@jackfrancis
Copy link
Member Author

We're currently considering rate limiting as a stratagem to address this. We're no longer seriously considering actually identifying cluster requests as coming from "real" clusters.

@jackfrancis
Copy link
Member Author

Not critical for 2.0 release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@arschles @mboersma @jackfrancis