(auth) validate deis cluster requests

deis / workflow-manager-api

Deis Workflow Manager API

MIT License

5 stars 0 forks source link

(auth) validate deis cluster requests #7

Open jackfrancis opened 8 years ago

jackfrancis commented 8 years ago

This is a high-level issue to address the following concern:

How do we verify that a write-request (HTTP POST) originates from a real deis cluster?

We don't want to overly complicate things and, say, store user credentials. But we would like, longer term, to disallow random folks from reverse engineering our elegantly designed API and sending us bogus data.

arschles commented 8 years ago

@jackfrancis can you put this into a milestone?

jackfrancis commented 8 years ago

We're currently considering rate limiting as a stratagem to address this. We're no longer seriously considering actually identifying cluster requests as coming from "real" clusters.

jackfrancis commented 8 years ago

Not critical for 2.0 release.