View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0006846||Taler||deployment and operations||public||2021-04-14 14:07||2021-05-13 09:01|
|Reporter||Florian Dold||Assigned To||MS|
|Priority||high||Severity||minor||Reproducibility||have not tried|
|Summary||0006846: use token auth with actual secret token for test/demo merchant instances, provide sandbox instance|
|Description||Currently the merchant backend is not secured. That was initially intentional, but might cause trouble if somebody decides to mess with instances during a demo.|
1. Generate a random token when bootstrapping the environment. Store this token in a plain-text file and read it into an environment variable in ~/activate.
2. The taler-deployment-config-instances script should set up token authentication with this secret token.
3. The merchant frontend demos should use this token.
4. We should create one special instance named "sandbox" that we create without token auth, but where we forbid administrative endpoints via an nginx whitelist.
|Tags||No tags attached.|
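
Step 1 of the description, sketched as an added example (not code from the Taler deployment scripts or from the reporter): create the token once with owner-only permissions, and refuse to load it if the file has become readable by anyone else. The function names, the token file path and the `MERCHANT_AUTH_TOKEN` variable name are assumptions made for illustration.

```shell
# Added example. Function names, file path and variable name are
# hypothetical; they do not come from the Taler deployment scripts.

# Create the token file once. An existing file is kept so that
# re-running the bootstrap does not invalidate configured instances.
ensure_token() {
    file="$1"
    if [ -e "$file" ]; then
        return 0
    fi
    (
        # Owner-only from the moment of creation, no chmod window.
        umask 077
        # 32 bytes from the kernel CSPRNG, hex-encoded to 64 characters.
        token=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
        [ "${#token}" -eq 64 ] || exit 1
        # noclobber: fail instead of overwriting a file that another
        # process created in the meantime.
        set -C
        printf '%s\n' "$token" > "$file"
    )
}

# Print the token, but only from a regular file whose mode grants
# nothing to group or other (for example 0600 or 0400).
load_token() {
    file="$1"
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    case "$(ls -ld -- "$file")" in
        -r[w-]-------*) ;;
        *) echo "refusing to read $file: permissions too open" >&2
           return 1 ;;
    esac
    token=$(cat -- "$file")
    [ -n "$token" ] || return 1
    printf '%s' "$token"
}

# Possible use from ~/activate (path and variable name are assumptions):
#   ensure_token "$HOME/merchant-token" &&
#   MERCHANT_AUTH_TOKEN=$(load_token "$HOME/merchant-token") &&
#   export MERCHANT_AUTH_TOKEN
```

The permission check looks only at the mode bits; it does not verify that the file is owned by the deployment user.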
- Sync was recently fixed in this regard, but waits to be tested.
- As for point 4: the 'sandbox' instance actually got named "Tutorial", and instead of no token it got a well-known one, which is "sandbox". Those decisions happened after a private discussion.
||Setting as 'high' as it's close to resolution.|
|2021-04-14 14:07||Florian Dold||New Issue|
|2021-04-14 14:07||Florian Dold||Status||new => assigned|
|2021-04-14 14:07||Florian Dold||Assigned To||=> MS|
|2021-05-13 09:00||MS||Note Added: 0017846|
|2021-05-13 09:01||MS||Priority||normal => high|
|2021-05-13 09:01||MS||Note Added: 0017847|