Give the server more control over how clients interact with the API #8
Labels
enhancement
New feature or request
help wanted
Extra attention is needed
question
Further information is requested
Comments
brandonsturgeon
added
enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now, the server retrieves two tokens on startup; one for itself, and one for all clients.
This client token can be used to write or retrieve data for as long as it's in the KV store.
This creates an avenue for attack wherein a malicious client could use their key to upload any amount of data at any rate.
One low-hanging improvement: Have the server issue clients short-term (or even one-time) tokens. The client code would passively manage the tokens, asking for a new one when it needs one.
Another improvement: force the clients to inform the server of any would-be uploads before they happen. Clients could send the server the hash and size of their data, the server would respond with a specially crafted token (maybe a jwt?) to use for that specific upload. The API could then validate that the upload was entirely correct (size and hash match), responding with an error and maybe short-term API timeout.
Doing transactions in this way would require more overhead, but the server could, for any reason, refuse to grant a token for the proposed upload. This gives a lot of flexibility to server owners for, realistically, a minor performance hit.
The text was updated successfully, but these errors were encountered: