use "application.statusKey" instead of "application.secret" … #1144
Conversation
| @@ -25,8 +25,8 @@ | |||
| ~ | |||
| ~ --secret: | |||
There was a problem hiding this comment.
Assuming we're trying to introduce a different key for the purposes of getting status, should we change the flag from --secret to --status-key to avoid confusion?
|
Hm... Yes, probably. Good point.
…On May 22, 2017 4:35 PM, "Theodore Nguyen-Cao" ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In documentation/commands/cmd-status.txt
<#1144 (comment)>:
> @@ -25,8 +25,8 @@
~
~ --secret:
Assuming we're trying to introduce a different key for the purposes of
getting status, should we change the flag from --secret to --status-key
to avoid confusion?
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub
<#1144 (review)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AARE3bCaCvJTKCGjtnRXLo2L9tcksU3sks5r8Y8ggaJpZM4NiSgT>
.
|
asolntsev
force-pushed
the
allow-status-request-only-with-status-key
branch
from
7dffd07 to
ffe61bc
Compare
|
Thank you @theo ! I renamed @xael-fry Please also review the changes. |
* these 2 plugins have totally different responsibilities and priorities * splitting them allows users to easily override/disable/reorder any of them
asolntsev
force-pushed
the
allow-status-request-only-with-status-key
branch
from
c0c180c to
15874d0
Compare
|
Merged thanks |
…h-status-key use "application.statusKey" instead of "application.secret" …
|
How ist this supposed to work? Why did you remove the signing part in the plugin (-> server side)? I thought your goal was to not re-use the app secret but a distinct key. But I think we need to keep the signing to check the message "@status" signed w/ the "new" statusKey?! |
|
@asolntsev I let you answer this question |
|
But the play status command signs the string "@status" with the application.statusKey property. Then, on the server-side, this signed message is compared to the application.statusKey property. How should this work? This will never be equal :) |
|
Sorry, I don't know what means "the default case".
We use the following command to get application status:
curl --header "authorization: YOUR-SECRET-WORD" http://localhost:9000/@status
Andrei Solntsev
2017-11-28 11:13 GMT+02:00 Sebastian Beigel <notifications@github.com>:
… But the play status command signs the string ***@***.***" with the
application.statusKey property. Then, on the server-side, this signed
message is compared to the application.statusKey property. How should this
work? This will never be equal :)
To make this work right now, you have to sign the message ***@***.***" by
yourself, set this signed message as statusKey in the app.conf and pass
*your* signing key as an explicit argument to the play status command...
The default case in play status is useless (as it doesn't work).
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1144 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AARE3ZF6CCzegZrP1lRfzN4JeaVY7FxMks5s687QgaJpZM4NiSgT>
.
|
|
Yes, that's what I thought :) But this change effectively renders the play status command useless, as this command (look at the python code) signs the string "@status", either with the given secret or (that is the default) with the app.conf's property statusKey. I understand that you want a "classic" API/secret key style. But then the play status command has to be converted to this approach as well, i.e. remove the singing part and take the passed argument or the app.conf's statusKey as auth message. |
|
Ok, you mean "play status" command?
I never used it.
Yes, sure: if it became broken, it should be fixed.
Anyway, I hope you also agree that it's better to break some insecure
feature than to keep it working. :)
Andrei Solntsev
2017-11-28 11:25 GMT+02:00 Sebastian Beigel <notifications@github.com>:
… Yes, that's what I thought :)
But this change effectively renders the play status command useless, as
this command (look at the python code) signs the string ***@***.***", either
with the given secret or (that is the default) with the app.conf's property
statusKey.
I understand that you want a "classic" API/secret key style. But then the
play status command has to be converted to this approach as well, i.e.
remove the singing part and take the passed argument *or* the app.conf's
statusKey as auth message.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1144 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AARE3YDcv32iIB7id5ar0cLiy-kEzHOKks5s69GIgaJpZM4NiSgT>
.
|
|
Yes, I do :) I can fix the status command (in the way just described) and make a PR if you want... |
|
Sure, it would be great.
Thank you!
Andrei Solntsev
2017-11-28 11:38 GMT+02:00 Sebastian Beigel <notifications@github.com>:
… Yes, I do :)
I can fix the status command (in the way just described) and make a PR if
you want...
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1144 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AARE3SyOKH_cGV-lZaFxN-NWerxl3y3kks5s69SagaJpZM4NiSgT>
.
|
|
see #1209 |
…for /@status requests