Project

Profile

Help

Send by e-mail

Task #6692

Add docs that Pulp's REST API is not safe for multi-user use

Added by bmbouter 12 months ago. Updated 11 months ago.

Status:
CLOSED - COMPLETE
Priority:
Normal
Assignee:
ttereshc
Category:
-
Sprint/Milestone:
3.4.0
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Documentation
Sprint:
Sprint 73
Quarter:

Description

Background

Pulp's REST API does not have Role Based Access Control and so sensistive credentials, e.g. Remote.password, Remote.client_cert, Remote.client_key for example could be set by one user and read by another.

Solution

Document this very clearly in these places:

  1. Above the changelog in the CHANGES.rst file
  2. To the REST API section of the architecture docs here
  3. To the REST API docs landing page here
  4. At the top of the Authentication page here

Associated revisions

Revision 8c3a6da5 View on GitHub
Added by ttereshc 11 months ago

Add warning that REST API is not safe for multi-user use

closes #6692 https://pulp.plan.io/issues/6692

History

#1 Updated by bmbouter 12 months ago

  • Description updated (diff)

#2 Updated by dkliban@redhat.com 12 months ago

  • Sprint set to Sprint 72

#3 Updated by rchan 11 months ago

  • Sprint changed from Sprint 72 to Sprint 73

#4 Updated by fao89 11 months ago

  • Sprint/Milestone set to 3.4.0

#5 Updated by ttereshc 11 months ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ttereshc

#6 Updated by pulpbot 11 months ago

  • Status changed from ASSIGNED to POST

#7 Updated by ttereshc 11 months ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

#8 Updated by dkliban@redhat.com 11 months ago

  • Status changed from MODIFIED to CLOSED - COMPLETE

Please register to edit this issue

Send by e-mail

Also available in: Atom PDF