owncloud-archive / shorty


Add authority to the relay verification response #93

Closed arkascha closed 9 years ago

arkascha commented 9 years ago

When verifying the setup of the 'static backend' in the app's administration section a success confirmation is returned which acts as a proof of a working setup.

There is an issue here, though: it might actually be that this confirmation comes from another system than the desired one. In the end the confirmation messages sent by the app cannot be distinguished between different systems. So when a relaying setup is copied from one system to another it might happen that one actually tests the local setup against the original system where the setup was copied from instead of the desired one.

A solution would be to add an 'authority' property to the confirmation that is unique to the sending system and allows the receiving / validating system to check if the confirmation actually originates from the targeted or from some other system. Things like hostname are not suited for this task, since depending on the network topology those might differ between validator and authority, although both are actually the same system. Instead some unique attribute has to be found. For this the installation-specific alphabet springs to mind. Though one would have to make sure that this validation service cannot be misused to read out that alphabet...
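One way to realise the 'authority' idea from the comment above without exposing the alphabet, as an added example that is not part of the original issue and not Shorty's own code: the validating side sends a fresh nonce and the relay answers with an HMAC over it, keyed with the installation-specific alphabet. The function names, the JSON field names and the sample alphabets are assumptions, as is the premise that the alphabet carries enough entropy to serve as a key.

```php
<?php
// Added example with hypothetical names; not taken from the Shorty code base.

// Relay side: answer a verification request. The alphabet never leaves the
// system; only an HMAC keyed with it over the caller's nonce is returned.
function relay_confirmation(string $alphabet, string $nonce): string
{
    return json_encode([
        'status'    => 'success',
        'nonce'     => $nonce,
        'authority' => hash_hmac('sha256', $nonce, $alphabet),
    ]);
}

// Validator side: accept the confirmation only if it was produced by a
// system holding the same alphabet, for the nonce issued for this attempt.
function confirmation_is_local(string $alphabet, string $nonce, string $json): bool
{
    $msg = json_decode($json, true);
    if (!is_array($msg) || ($msg['status'] ?? '') !== 'success') {
        return false;
    }
    if (!is_string($msg['nonce'] ?? null) || !is_string($msg['authority'] ?? null)) {
        return false;
    }
    $expected = hash_hmac('sha256', $nonce, $alphabet);
    // hash_equals() compares in constant time.
    return hash_equals($nonce, $msg['nonce'])
        && hash_equals($expected, $msg['authority']);
}

// Constructed sample alphabets for two different installations.
$local    = 'k3Xq9ZpLw7TfYb2RmVh5NcJd8GsA4uEe';
$original = 'Qz8Lm2Vt6Hy4Bn9Kp3Rw7Xc5Jd1FgSaE';

$nonce = bin2hex(random_bytes(16)); // fresh for every verification attempt

// Case 1: the relaying setup points at this installation.
var_dump(confirmation_is_local($local, $nonce, relay_confirmation($local, $nonce)));
// Case 2: a copied setup still reaches the system it was copied from.
var_dump(confirmation_is_local($local, $nonce, relay_confirmation($original, $nonce)));
```

Because the nonce changes on every attempt, a confirmation recorded from one verification run cannot be reused for a later one.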

arkascha commented 9 years ago

Implemented as part of the streamlining of the verification strategy.

arkascha commented 9 years ago

Will be released as part of Shorty version 0.5.