hyperledger-labs / blockchain-carbon-accounting

This project implements blockchain applications for climate action and accounting, including emissions calculations, carbon trading, and validation of climate claims. It is part of the Linux Foundation's Hyperledger Climate Action and Accounting SIG.
https://wiki.hyperledger.org/display/CASIG/Carbon+Accounting+and+Certification+WG
Apache License 2.0

create security for REST API #32

Closed sichen1234 closed 3 years ago

sichen1234 commented 3 years ago

Currently the REST API is not secured. It should be secured with tokens for registering users and performing operations.

sichen1234 commented 3 years ago

Initially we can just secure it by restricting access to known IP addresses. This is adequate for a scenario where each client app (i.e., from an auditor) accesses the chain code through its own REST API.

udosson commented 3 years ago

This would be a simple and effective first step. How would you secure access to the frontend which is connected to the REST API?

I put together a task for the Open Climate Collabathon. Have a look at the Google doc under the section CLIENT | SDK Task 1: Secure REST API https://docs.google.com/document/d/1PYKffkyAAAyyFiYsLqFk3_8T52-GkJHA8BLCbwx-QMg/edit?usp=sharing

sichen1234 commented 3 years ago

If only one client can access the REST API and then the ledger, then the client is responsible for providing its own security for its users. The scenario is that

  1. there is a network of nodes,
  2. each node is run by/for one of the organizations, i.e., an auditor, approved by the other organizations of the node,
  3. each auditor can access its node and only its node through a REST API,
  4. each auditor runs its own application and is responsible for securing it.

Si Chen Open Source Strategies, Inc.

Video: Fighting Climate Change with Blockchain and Open Source https://youtu.be/NgxNWXa_IjE

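The "known IP addresses" first step from the earlier comment, in the one-client-per-node scenario laid out above, comes down to an allowlist check in front of every REST route. The following is an added example written for this thread, not code from the blockchain-carbon-accounting repository: a framework-agnostic Node.js allowlist in the shape of an Express-style `(req, res, next)` middleware. It assumes the API runs on Node (so the peer address arrives as `req.socket.remoteAddress`, possibly as an IPv4-mapped IPv6 string such as `::ffff:10.0.0.7`), and the addresses and CIDR ranges used are constructed sample data. The names `ipAllowlist`, `isAllowed` and `parseEntry` are this example's own.

```javascript
// Added example: per-node IP allowlist for a REST API (not project code).
// Decisions are made on the TCP peer address only. X-Forwarded-For is
// attacker-controlled unless a trusted reverse proxy in front of the API
// strips and rewrites it, so it is deliberately ignored here; with such a
// proxy, enforce the allowlist on the proxy instead.

const IPV4_RE = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// Parse a dotted quad into an unsigned 32-bit integer, or null if invalid.
// Leading zeros are rejected: some parsers read "010" as octal, and an
// allowlist must not be ambiguous about which address it names.
function parseIPv4(ip) {
  const m = typeof ip === "string" ? IPV4_RE.exec(ip) : null;
  if (!m) return null;
  const parts = m.slice(1, 5);
  if (parts.some((p) => p.length > 1 && p[0] === "0")) return null;
  const octets = parts.map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => (acc << 8) + o, 0) >>> 0;
}

// Node reports IPv4 peers on a dual-stack listener as "::ffff:a.b.c.d";
// reduce that to the embedded IPv4 address before matching.
function normalizeAddress(addr) {
  if (typeof addr !== "string") return null;
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(addr);
  return mapped ? mapped[1] : addr;
}

// Turn "a.b.c.d" or "a.b.c.d/len" into a {network, mask} pair.
// Throws on malformed entries so a bad config fails at startup, not at
// request time.
function parseEntry(entry) {
  const [base, lenStr] = entry.split("/");
  const network = parseIPv4(base);
  const len = lenStr === undefined ? 32 : Number(lenStr);
  if (network === null || !Number.isInteger(len) || len < 0 || len > 32) {
    throw new Error(`invalid allowlist entry: ${entry}`);
  }
  // "<< 32" would wrap to "<< 0" in JS, so handle /0 explicitly.
  const mask = len === 0 ? 0 : (0xffffffff << (32 - len)) >>> 0;
  return { network: (network & mask) >>> 0, mask };
}

// True only when the peer is a parsable IPv4 address inside some entry.
// IPv6 peers and unparsable strings fail closed.
function isAllowed(remoteAddress, allowlist) {
  const ip = parseIPv4(normalizeAddress(remoteAddress));
  if (ip === null) return false;
  return allowlist
    .map(parseEntry)
    .some(({ network, mask }) => ((ip & mask) >>> 0) === network);
}

// Middleware factory: validates the allowlist once, then gates each request.
function ipAllowlist(allowlist) {
  const entries = allowlist.map(parseEntry); // throws early on bad config
  return function (req, res, next) {
    const peer = req.socket && req.socket.remoteAddress;
    const ip = parseIPv4(normalizeAddress(peer));
    const ok =
      ip !== null &&
      entries.some(({ network, mask }) => ((ip & mask) >>> 0) === network);
    if (ok) return next();
    res.statusCode = 403;
    res.end("forbidden");
  };
}
```

With Express this is `app.use(ipAllowlist(["203.0.113.0/24"]))` before any route; with a bare `http.createServer` handler it is called with the same three arguments, the third being the real request handler. Keep the allowlist per node and as small as the thread's scenario allows (one auditor application per node), and remember that this gate only identifies a network, not a user: the token-based scheme the issue asks for is still needed to tell which of the client's users is registering or acting.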

sichen1234 commented 3 years ago

Replacing this with #100 and closing this one.