View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006842 | Anastasis | backend | public | 2021-04-11 14:53 | 2021-04-11 17:48 |
Reporter | Christian Grothoff | Assigned To | Christian Grothoff | ||
Priority | high | Severity | major | Reproducibility | N/A |
Status | closed | Resolution | fixed | ||
Platform | i7 | OS | Debian GNU/Linux | OS Version | squeeze |
Product Version | Git master | ||||
Target Version | 0.0.0 | Fixed in Version | 0.0.0 | ||
Summary | 0006842: policy upload succeeds despite payment secret not being initialized | ||||
Description | The code currently never sets the payment secret, thus the policy upload happens without one (alas, after the upload was paid for). This is bad, because it would allow a strong adversary to upload a policy without payment (benefiting from the payment of the legitimate user). Todo: - fix the backend to properly check for the correct payment secret being provided by the client (and not just a payment existing) - fix the reducer to store the 'payment_secret' in the 'policy_providers' field | ||||
Tags | No tags attached. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2021-04-11 14:53 | Christian Grothoff | New Issue | |
2021-04-11 14:53 | Christian Grothoff | Status | new => assigned |
2021-04-11 14:53 | Christian Grothoff | Assigned To | => Christian Grothoff |
2021-04-11 15:04 | Christian Grothoff | Priority | normal => high |
2021-04-11 15:06 | Christian Grothoff | Target Version | 0.2.0 => 0.1.0 |
2021-04-11 17:28 | Christian Grothoff | Status | assigned => resolved |
2021-04-11 17:28 | Christian Grothoff | Resolution | open => fixed |
2021-04-11 17:28 | Christian Grothoff | Fixed in Version | => 0.0.0 |
2021-04-11 17:28 | Christian Grothoff | Note Added: 0017734 | |
2021-04-11 17:28 | Christian Grothoff | Target Version | 0.1.0 => 0.0.0 |
2021-04-11 17:48 | Christian Grothoff | Status | resolved => closed |
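
The backend check the description asks for, as an added example that is not Anastasis code: an upload gate that accepts any existing payment, beside one that also requires the matching payment secret. The struct, the function names, the 32-byte secret length and the sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SECRET_LEN 32  /* assumed length, not taken from the issue */

/* Hypothetical backend record for one paid upload. */
struct payment_record { bool paid; unsigned char payment_secret[SECRET_LEN]; };

/* Constructed sample values: the payer's secret and a never-initialized one. */
static const unsigned char PAYER_SECRET[SECRET_LEN] = { 0x5a, 0x11, 0xc3, 0x7e };
static const unsigned char UNSET_SECRET[SECRET_LEN] = { 0 };

/* Compare without an early exit, so timing does not reveal a matching prefix. */
static bool secret_equal (const unsigned char *a, const unsigned char *b)
{
  unsigned char diff = 0;
  for (size_t i = 0; i < SECRET_LEN; i++)
    diff |= (unsigned char) (a[i] ^ b[i]);
  return 0 == diff;
}

/* Behaviour described in the issue: any existing payment authorizes the upload. */
bool upload_allowed_payment_only (const struct payment_record *rec, const unsigned char *client_secret)
{
  (void) client_secret;  /* the secret is never looked at */
  return (NULL != rec) && rec->paid;
}

/* Requested behaviour: a payment exists and the client presents its secret. */
bool upload_allowed_with_secret (const struct payment_record *rec, const unsigned char *client_secret)
{
  if ( (NULL == rec) || (! rec->paid) || (NULL == client_secret) )
    return false;
  return secret_equal (rec->payment_secret, client_secret);
}

/* Build a paid record for PAYER_SECRET and run one of the two checks on it. */
bool run_case (bool check_secret, const unsigned char *client_secret)
{
  struct payment_record rec = { .paid = true };
  memcpy (rec.payment_secret, PAYER_SECRET, SECRET_LEN);
  return check_secret ? upload_allowed_with_secret (&rec, client_secret)
                      : upload_allowed_payment_only (&rec, client_secret);
}

int main (void)
{ printf ("unset secret: payment-only=%d with-secret=%d\n", run_case (false, UNSET_SECRET), run_case (true, UNSET_SECRET)); return 0; }
```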