Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

REST: Remove Use of Password #3641

Closed
2 of 4 tasks
alexanderbez opened this issue Feb 13, 2019 · 4 comments
Closed
2 of 4 tasks

REST: Remove Use of Password #3641

alexanderbez opened this issue Feb 13, 2019 · 4 comments
Assignees
Labels
S:proposal accepted T: API Breaking Breaking changes that impact APIs and the SDK only (not state machine). T: Security

Comments

@alexanderbez
Copy link
Contributor

alexanderbez commented Feb 13, 2019

Summary

The password field in the base_req of POST requests should be removed entirely or heavily documented as unsafe.

Problem Definition

Even with a REST client sitting behind a secure network layer/proxy, it is not advisable to accept key passwords in plain text such as this.

Proposal

We already have generate only and tx broadcast support, so we should enforce (encourage) clients to sign the txs before sending to a specific node.

In other words, we:

  • Remove the password field (thus removing the dependency for Keybase)
  • Force all module tx endpoints to now be generate only

/cc @cosmos/cosmos-ui

ref: #3560


For Admin Use

  • Not duplicate issue
  • Appropriate labels applied
  • Appropriate contributors tagged
  • Contributor assigned/self-assigned
@fedekunze
Copy link
Collaborator

we are not using it now on Voyager, we do generate_only > sign > broadcast

@alexanderbez
Copy link
Contributor Author

@fedekunze music to my ears!

@fedekunze
Copy link
Collaborator

fedekunze commented Feb 13, 2019

although this is a breaking change

@fedekunze fedekunze added the T: API Breaking Breaking changes that impact APIs and the SDK only (not state machine). label Feb 13, 2019
@alexanderbez
Copy link
Contributor Author

Update, we may not even need this with #3640. Where most clients will not have unsafe routes enabled.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
S:proposal accepted T: API Breaking Breaking changes that impact APIs and the SDK only (not state machine). T: Security
Projects
None yet
Development

No branches or pull requests

2 participants