GDPR: special access to registration data #39
Comments
|
we will postpone the auth key implementation for the moment. The special ip white list based access should give access to all the data in the whois incl private registrars and their contacts. |
|
Any reason why Line 19 in fe32c6d |
|
So it's needed to make it so, that if I visit https://internet.ee say from CERT's IP, captcha should not be visible here? http://prntscr.com/jjcj0y |
|
Basically yes, CERT will be using REST-WHOIS API to make their queries. The results will most probably not be completeley available using the whois search in internet.ee as this is designed interface for REST-WHOIS API and we do not plan any design changes in these views CERT special access in mind.. In staging we are talking about this: http://st.infra.tld.ee/v1/domain_name_here.ee |
|
@maciej-szlosarczyk FYI There is a high risk of conflicts if you make some further changes in #37 |
|
@artur-beljajev I wasn't planning to 😄. I'd leave #37 as is, test it ASAP, fix any bugs that might come under testing and merge it to I hindsight, I might've gone there a bit overboard with the number of changes I introduced there, I should've kept out the HAML part and maybe make the initial test suite its own branch. |
|
@vohmar I guess there should be support for multiple IPs in whitelist? Currently it is limited to single one. |
|
@artur-beljajev Yes it should be possible to configure multiple ip's. |
For contract partners like local CERT we will enable access to all domain registration details without capthca requirement and different rate limits.
Currently this is solved using an IP whitelist. We would like to add key based auth layer for extra security.
The text was updated successfully, but these errors were encountered: