Auth-based, per-request permissions system #67
Comments
Another aspect which was discussed: it'd be nice to also have permissions based on an IP white/black list. For example, instances of apps running on a test server should not be allowed to read from but not write to live nodes. They will likely use the same auth key as the real apps, but can be distinguished by their IP.
A simple initial idea for client-based permissions:
I think this is a separate idea. I don't think the implementation would share much in common with the per-client / per-request permissions. Split to #166.
This would be a major breaking change, though :D
After some discussion, we decided to go for a super simple scheme, as follows:
This approach addresses all of our current needs. We can extend it to a more complicated system, if we ever need one. Nothing more to do here.
Now we have a proper system of authenticating clients, it would be possible to add a permissions system, such that certain requests may only be initiated by certain clients.
An example of this would be a very destructive operation, like a request which deletes a whole storage channel, which the average client has no place performing.