AidanTilgner / Onyx-Personal

This is my personal version of the (so far nonexistent) Onyx Systems core microservices. This is the original project and might change over time, but is completely self-hostable. Still very much pre-production though.

Look into auth solutions for packages #52

Closed AidanTilgner closed 2 years ago

AidanTilgner commented 2 years ago

Packages are by far the biggest vulnerability for now. Although sending packages should be impossible without logging in, if someone manages to hijack the server and send packages, since there's no auth and currently no encryption, this is pretty much completely vulnerable to malicious intent. Before this goes to production there needs to be a good auth solution for packages.

AidanTilgner commented 2 years ago

Auth for packages will be in the form of tokens. These tokens will be sent to the People server for auth at each stop the package goes through. Integration of this will be in a different issue.
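Added example, not part of the original issue or the Onyx code base: one way the per-stop token check described above could work, with the People server simulated in-process. The HMAC-SHA256 token format, the binding of the token to a hash of the package body, the expiry claim, and all function and field names are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key (assumption): held only by the People (auth) server.
PEOPLE_KEY = b"constructed-demo-key-not-a-real-secret"

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def _sign(claims_b64):
    return _b64(hmac.new(PEOPLE_KEY, claims_b64.encode(), hashlib.sha256).digest())

def issue_token(user, body, ttl=60, now=None):
    """People server: issue a short-lived token bound to one user and one package body."""
    now = time.time() if now is None else now
    claims = {"sub": user, "sha256": hashlib.sha256(body).hexdigest(), "exp": int(now) + ttl}
    claims_b64 = _b64(json.dumps(claims, sort_keys=True).encode())
    return claims_b64 + "." + _sign(claims_b64)

def verify_token(token, body, now=None):
    """People server: return the authenticated user, or None if any check fails."""
    now = time.time() if now is None else now
    try:
        claims_b64, sig = token.split(".")
        # Check the signature (constant-time) before trusting or parsing the claims.
        if not hmac.compare_digest(sig, _sign(claims_b64)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(claims_b64))
    except (ValueError, TypeError):
        return None  # malformed token
    if now >= claims["exp"]:
        return None  # expired
    if not hmac.compare_digest(claims["sha256"], hashlib.sha256(body).hexdigest()):
        return None  # body changed after the token was issued
    return claims["sub"]

def route(package, stops, now=None):
    """Each stop asks the People server to verify the token before handling the package."""
    handled = []
    for stop in stops:
        if verify_token(package["token"], package["body"], now) is None:
            break  # fail closed: the package is dropped at this stop
        handled.append(stop)
    return handled
```

Because the token covers a hash of the body, a stop that receives a modified package rejects it even when the token itself is genuine; the body is still sent in the clear, so this addresses the missing auth but not the missing encryption.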