Prevent trigger API from DoS when trigger ID is exposed
Registered by James Li
The Solum trigger API can be consumed without a token, which may be a DoS vulnerability, especially when the trigger ID is exposed. We propose the following approach to solve this issue. When Solum creates a plan, a secret key is generated, stored in the database, and registered with the user. For GitHub-hosted code we can leverage its webhook API (https:/
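One way a per-plan secret could gate the trigger endpoint, as an added example that is not Solum's code. It assumes the secret is registered as the GitHub webhook secret, so each delivery carries an HMAC-SHA256 of the raw body in the `X-Hub-Signature-256` header; `PLAN_SECRETS`, `create_plan`, `sign` and `handle_trigger` are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Hypothetical in-memory stand-in for the plan table: trigger_id -> secret key.
PLAN_SECRETS = {}


def create_plan(trigger_id):
    """Generate a per-plan secret at plan creation and store it."""
    secret = secrets.token_hex(32)
    PLAN_SECRETS[trigger_id] = secret
    # Returned so the user can register it as the webhook secret (assumption).
    return secret


def sign(secret, body):
    """Build the header value GitHub sends: 'sha256=' + HMAC-SHA256(secret, body)."""
    digest = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return "sha256=" + digest


def handle_trigger(trigger_id, body, signature_header):
    """Return an HTTP status code; only 202 would go on to start a build."""
    secret = PLAN_SECRETS.get(trigger_id)
    if secret is None or not signature_header:
        # Unknown trigger ID and missing signature get the same answer as a
        # bad signature, so the endpoint does not confirm which IDs exist.
        return 401
    expected = sign(secret, body)
    # Constant-time comparison, done before any expensive work is scheduled.
    if not hmac.compare_digest(expected.encode(), signature_header.encode()):
        return 401
    return 202


if __name__ == "__main__":
    # Constructed sample delivery for a constructed trigger ID.
    key = create_plan("trigger-123")
    payload = b'{"ref": "refs/heads/master"}'
    print(handle_trigger("trigger-123", payload, sign(key, payload)))  # accepted
    print(handle_trigger("trigger-123", payload, None))                # rejected
```

With this check in place, knowing a trigger ID alone is not enough to start work: a request without a valid signature is rejected after one HMAC computation.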
Blueprint information
- Status: Complete
- Approver: None
- Priority: Undefined
- Drafter: James Li
- Direction: Needs approval
- Assignee: James Li
- Definition: Obsolete
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by
- Completed by: Adrian Otto