I tried to provide fake ownerid or owner from some other user and I've got
fake ownerid results to the 'UNAUTHORISED' response from the server
fake owner field does not affect on the server - resulting package owner are always correct
It looks like the server is secured. But anyway the owner and ownerid info could be inferred on the server-side (and it does happen when server do security check), so let's do it there and remove this code as redundant in the data-cli.
Tasks
[ ] change the server-side code to infer the ownerid from the token
[ ] remove owner and ownerid setup from the client code.
https://github.com/datahq/data-cli/blob/a0eb8458feb8cec5c0d62b2f676a7ecf0b939a0e/bin/data-push.js#L90
I tried to provide fake
owneridorownerfrom some other user and I've gotowneridresults to the 'UNAUTHORISED' response from the serverownerfield does not affect on the server - resulting package owner are always correctIt looks like the server is secured. But anyway the owner and ownerid info could be inferred on the server-side (and it does happen when server do security check), so let's do it there and remove this code as redundant in the
data-cli.Tasks
owneridfrom the tokenownerandowneridsetup from the client code.Related issues
https://github.com/datahq/data-cli/issues/233