Security implications of leaving backend publicly exposed #42

officialyinsane opened this issue Jun 24, 2023 · 1 comment

@officialyinsane

Currently, backend has no filtering and anyone that can talk to the port can send requests to backend.

There's no immediate risk to data integrity (due to EDDN -> EDPN -> frontend -> user) but some future edge case might open that. Additionally, chaos monkeys could flood backend with requests, effectively causing DDOS.

@officialyinsane officialyinsane added the security Securing the application label Jun 24, 2023
@pveeckhout

pveeckhout commented Jun 26, 2023

covered in #39

The API itself should be secure / robust enough to be exposed publicly. The only endpoints that will accept data to write to the database will be the ones to manage the user accounts and API keys.

All the endpoints only perform read actions on the database, which will be rate limited based on anonymous, free or internal users.
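An added sketch of the tiered rate limiting described in the comment above; it is not part of the thread and not the project's own code. The tier names come from the comment, while the limits, the `key_tiers` lookup and every function name are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

# Assumed per-tier limits: (burst capacity, tokens refilled per second).
# The thread names the tiers but gives no numbers; these are placeholders.
TIER_LIMITS = {
    "anonymous": (5, 1.0),
    "free": (20, 5.0),
    "internal": (200, 100.0),
}

@dataclass
class Bucket:
    tokens: float
    updated: float

class TieredRateLimiter:
    """Token bucket per client; capacity and refill rate depend on the tier."""

    def __init__(self, limits=TIER_LIMITS, clock=time.monotonic):
        self.limits = limits
        self.clock = clock      # injectable so the behaviour can be tested
        self.buckets = {}       # a real deployment would expire idle entries

    def resolve(self, api_key, client_ip, key_tiers):
        # A missing or unknown key falls back to the anonymous tier keyed by
        # source IP, so a made-up key never buys a fresh or larger bucket.
        tier = key_tiers.get(api_key) if api_key else None
        if tier in self.limits and tier != "anonymous":
            return tier, f"key:{api_key}"
        return "anonymous", f"ip:{client_ip}"

    def allow(self, api_key, client_ip, key_tiers):
        tier, ident = self.resolve(api_key, client_ip, key_tiers)
        capacity, refill = self.limits[tier]
        now = self.clock()
        bucket = self.buckets.setdefault(ident, Bucket(capacity, now))
        # Refill for the elapsed time, capped at the tier's burst capacity.
        bucket.tokens = min(capacity, bucket.tokens + (now - bucket.updated) * refill)
        bucket.updated = now
        if bucket.tokens >= 1:
            bucket.tokens -= 1
            return True
        return False            # caller answers with HTTP 429
```

Keying anonymous traffic by source IP and authenticated traffic by API key keeps one noisy client from draining another client's allowance.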
