Skip to content

[GH-#134] Api functions protected by key, to control node #163

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Dec 15, 2017
Merged

[GH-#134] Api functions protected by key, to control node #163

merged 6 commits into from
Dec 15, 2017

Conversation

d-velev
Copy link
Contributor

@d-velev d-velev commented Dec 14, 2017

closes #134

cytadela8
cytadela8 approved these changes Dec 14, 2017
View reviewed changes
Copy link
Contributor

@cytadela8 cytadela8 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!
If we would like to be more security concerned if env_authorization == header_authorization do creates a possibility of a timing attack where attacker guesses the env_authorization one byte at a time due to the fact the comparison is not constant time. But such problems are not our concern for now. eg. In future the private API will be only available locally.

thepiwo
thepiwo reviewed Dec 15, 2017
View reviewed changes
apps/aecore/config/dev.exs Outdated
env -> env
end

# config :aecore, :authorization,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we remove this?

@thepiwo
Copy link
Collaborator

thepiwo commented Dec 15, 2017

@meivantodorov @andonov can you approve?

@thepiwo thepiwo merged commit e15b548 into master Dec 15, 2017
@thepiwo thepiwo deleted the GH-134 branch October 5, 2018 11:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thepiwo thepiwo thepiwo approved these changes

@andonov andonov Awaiting requested review from andonov

+2 more reviewers

@cytadela8 cytadela8 cytadela8 approved these changes

@meivantodorov meivantodorov meivantodorov approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

api functions protected by key, to control node

4 participants

@d-velev @thepiwo @cytadela8 @meivantodorov