New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
separate security for control and status actions #2081
Comments
Prior to this commit ... Authentication for control and status actions is implemented via the same token. With this commit ... Puma implements a 'status-token' limited to status actions in Puma::App::Status. If 'control-token' is defined, it is required for any action. If 'control-token' is undefined, no token is required for any action. If 'status-token' is undefined, no status token is required for status actions. Closes puma#2081
What if, instead, we allowed you to configure a callback lambda/proc? |
I'm open to any implementation that allows users to configure querying status independently from controlling the server :) Might you have an example that illustrates what you are thinking about? |
How about this ... config
status.rb
resulting in
|
Prior to this commit ... Puma allows access to all (control and status) actions in Puma::App::Status. With this commit ... Puma implements 'control_auth_actions' to authorize only specific actions. If 'control_auth_actions' is undefined, Puma allows access to all actions. This maintains the default behavior, for backward-compatibility. Closes puma#2081
See #2083 Not a lambda, but very simple, and I assume the array could be replaced ... |
Isn't this possible to implement in your application? You might need to |
It is, but ...
#2083 allows users to configure fine-grained configuration of what actions are authorized by the token, and I'd like to propose closing this in favor of that PR ... unless you decline both :) |
No, it just means we're over-securing status. That's not a "security issue", just inconvenient. Just want to be clear here. |
Yes: it would be lovely to not need a token to access the
So, should I close both of my PRs as non-starters? Or would you be interested in me simplifying one of them, to remove the check for a token for the |
You're right, I didn't know but it is running a separate server for that here: Lines 61 to 65 in f5ccd03
|
Yay! I remember seeing that but did not make the connection. |
Prior to this commit ... Puma allows access to all (control and status) actions via the same token. With this commit ... Puma does not require a token to access status actions.
Prior to this commit ... Puma allows access to all (control and status) actions via the same token. With this commit ... Puma does not require a token to access status actions.
Is your feature request related to a problem? Please describe.
Authentication for control and status actions in
Puma::App::Status
is implemented via the samecontrol-token
option, while the security requirements related to control actions likehalt
and status actionsstats
differ significantly.Describe the solution you'd like
Separate tokens for control and status actions.Eliminate the need for a token to access status actions, reserving it for control actions.
Describe alternatives you've considered
An option to set the authorization level
(control | status)
for thecontrol-token
option.Separate tokens for control and status actions.
The text was updated successfully, but these errors were encountered: