Improve security when one tenant is comporomised#131
Conversation
5550598 to
a1baa11
Compare
|
Todo: test this before merging |
a1baa11 to
8ef11c1
Compare
| @@ -120,3 +120,28 @@ jobs: | |||
| - name: '[check] Run Ruff' | |||
There was a problem hiding this comment.
"The original approach to authentication where if a single tenant was compromised, attacker could issue uuids with any tenant uuid they want, which would compromise all other tenants as well."
What uuids do you mean? Like new tenant uuis?
| msg = f"Invalid config value: 'auth.allowed_apis[{index}].tenant_uuid' must be a UUID or '*'" | ||
| raise ValueError(msg) from error | ||
|
|
||
| if WILDCARD in {normalized_url, tenant_uuid}: |
There was a problem hiding this comment.
It might be useful to introduce separate production and development modes in the future. But maybe it is too much for this project, just an idea.
| @@ -0,0 +1,20 @@ | |||
| auth: | |||
| allowed_apis: | |||
| - url: "https://your-dsw-instance.example.com/wizard-api" | |||
There was a problem hiding this comment.
Does this mean that every tenant must now be explicitly listed in the configuration?
I’m wondering whether this might be too tightly coupled to the config. Would each newly created tenant need to be added manually before it can use the API?
The original approach to authentication where if a single tenant was compromised, attacker could issue uuids with any tenant uuid they want, which would compromise all other tenants as well.
This adds restriction to only allow specific tenants on specific apis. This means if one tenant is compromised, it won't allow attacker to access other tenants.
closes #73