Jormungandr: permissioned access to rest

Created on 12 Jun 2019 · 3 Comments · Source: input-output-hk/jormungandr

Is your feature request related to a problem/context? Please describe if applicable.
Limit access to the rest interface

Describe the solution you'd like
Add the ability to provide a list of IP addresses which are allowed to connect via rest.
Add the ability to require a user/pass to connect via rest.

Additional context
Adding ACLs might be interesting too: username1 can do all things, username2 can only read all things, username3 can only read certain things
Bonus point.... associate usernames with IP addresses.

subsys-rest Priority - Low security

All 3 comments

We don't have a final story on this, and it's somewhat related to #413 already.

Basically this REST API is kind of generic and "read-only", so it doesn't matter if it's open, but on the other hand clearly having the ability to bind correctly, limit by IP, and add user authentication will likely be a feature we'd like to have, but it will take time to get there.

dunno how I missed #413
definitely don't think it's critical, just thought I'd add it to the backlog

Now that we've switched to rustls, it's trivial to add TLS client verification with its private key. This would make access binary, but securely restricted, no more JS/bash/whatever having full access to the control API. Any thoughts? Is it worth adding at least as a temporary solution?
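
An added example, not part of the thread and not Jormungandr code: a default-deny authorization check for the access model the issue asks for (IP allowlist, per-user ACL, users tied to addresses). The type names, user names, addresses and paths are hypothetical, and it assumes the user name was already authenticated by the HTTP layer.

```rust
use std::collections::HashMap;
use std::net::IpAddr;

// Hypothetical policy model (not Jormungandr code), mirroring the issue's three user kinds.
pub enum Access {
    All,                       // "can do all things"
    ReadAll,                   // "can only read all things"
    ReadPrefixes(Vec<String>), // "can only read certain things"
}
pub struct User { pub access: Access, pub ips: Vec<IpAddr> } // empty ips = any allowlisted address
pub struct Policy { pub ip_allowlist: Vec<IpAddr>, pub users: HashMap<String, User> }

// Segment-aware prefix match: "/api/stats" covers "/api/stats/x" but not "/api/stats-private".
fn under(path: &str, prefix: &str) -> bool {
    let p = prefix.trim_end_matches('/');
    path == p || path.strip_prefix(p).map_or(false, |rest| rest.starts_with('/'))
}

// Default deny. `user` is assumed already authenticated and `path` already percent-decoded.
pub fn authorize(pol: &Policy, peer: IpAddr, user: &str, method: &str, path: &str) -> bool {
    if !pol.ip_allowlist.contains(&peer) { return false; }
    let u = match pol.users.get(user) { Some(u) => u, None => return false };
    if !u.ips.is_empty() && !u.ips.contains(&peer) { return false; }
    if path.split('/').any(|seg| seg == "..") { return false; } // no traversal past a prefix
    let read = matches!(method, "GET" | "HEAD");
    match &u.access {
        Access::All => true,
        Access::ReadAll => read,
        Access::ReadPrefixes(ps) => read && ps.iter().any(|p| under(path, p)),
    }
}

// Constructed sample policy: addresses, user names and paths are made up for the example.
pub fn sample_policy() -> Policy {
    let ip = |s: &str| s.parse::<IpAddr>().unwrap();
    let mut users = HashMap::new();
    users.insert("username1".to_string(), User { access: Access::All, ips: vec![ip("127.0.0.1")] });
    users.insert("username2".to_string(), User { access: Access::ReadAll, ips: vec![] });
    users.insert("username3".to_string(),
        User { access: Access::ReadPrefixes(vec!["/api/stats".to_string()]), ips: vec![] });
    Policy { ip_allowlist: vec![ip("127.0.0.1"), ip("10.0.0.5")], users }
}

fn main() {
    let p = sample_policy();
    let peer: IpAddr = "10.0.0.5".parse().unwrap();
    for (user, method, path) in [("username1", "POST", "/api/message"),
        ("username2", "GET", "/api/settings"), ("username3", "GET", "/api/stats-private")] {
        println!("{} {} {} -> {}", user, method, path, authorize(&p, peer, user, method, path));
    }
}
```

The segment-aware prefix match and the `..` check are what keep a "read certain things" user from reaching sibling paths that merely share a string prefix.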
