Closed Ar4l closed 1 week ago
with Sessions as they can be followed in #8 a certain level of verification is achieved, however, in 7e3c41a4ee82e92322b2fc28b8609106ed349363 a basic version of IP blacklisting was introduced to combat the possibility of malicious intent.
I would say this is pretty much done after thinking about it (at least for as far as the MVP is concerned) @Ar4l what do you think?
Currently the APIs are exposed to the world; we want only requests from authorised sources (i.e. the plugins themselves) to be able to use them.
I don't know how you can securely authenticate on an open-source project, but there must be a way. We need to look into this.