Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secret key is not verified in scotty example #2

Open
kvanbere opened this issue Jan 12, 2018 · 2 comments
Open

Secret key is not verified in scotty example #2

kvanbere opened this issue Jan 12, 2018 · 2 comments
Assignees
@kvanbere
Labels
bug good first issue help wanted security
Milestone
0.16.0

Comments

@kvanbere
Copy link
Member

Operating system or device, package version, compiler version:
All

Issue description:
In the scotty example (examples/scotty) the key specified by KEY= on launch is not verified. If the incorrect key is specified on GitHub the example server doesn't care. This is a security risk and means that the scotty example should not be used in production.

Note: This is not applicable to the servant example(s), which verify the keys correctly.
@kvanbere kvanbere mentioned this issue Jan 25, 2018
Closed
@kvanbere kvanbere added this to the 1.0.0 milestone Jan 26, 2018
@kvanbere kvanbere self-assigned this Jan 26, 2018
kvanbere added a commit that referenced this issue Jan 26, 2018
@kvanbere
\#2: Provide utilities to validate the secret key
f632ff2
kvanbere added a commit that referenced this issue Jan 26, 2018
@kvanbere
WIP #2: Provide utilities to validate the secret key
0a599a1
@kvanbere kvanbere removed their assignment Mar 9, 2018
@kvanbere kvanbere modified the milestones: 1.0.0, 0.16.0 Dec 5, 2021
@kvanbere
Copy link
Member Author

kvanbere commented Dec 5, 2021

This has been bumped to a higher priority.

@kvanbere kvanbere self-assigned this Dec 5, 2021
@kvanbere
Copy link
Member Author

kvanbere commented Jan 20, 2022
edited
Loading

We would very much like to deliver this with 0.16.0 because of its security content.
Help wanted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kvanbere kvanbere

Labels
bug good first issue help wanted security
Projects
None yet
Milestone
0.16.0
Development

No branches or pull requests
1 participant
@kvanbere