🔒 Ideas about security #15
Redis Security
If you're using the Redis backend, you need to be able to protect the database from malicious clients. As of v0.1.0, DrMem has a config option to indicate the host and port of the Redis server. I configure Redis to only listen to the loopback address. This means DrMem has to be running on the same system and it relies on the system's security to limit who can log into the machine.
If you have several DrMem instances and want to share a Redis instance, then Redis will need a publicly accessible address. Redis can be configured to restrict database keys to certain clients. If we want this tighter control, we'll have to make the following changes to DrMem:
GraphQL Security
Currently we're using an unencrypted, open `http` connection to control DrMem. I envision mobile and web apps interfacing with DrMem. But we want to keep things simple since the only clients to my control system will be my phone and maybe tablet. For this tiny use-case, I think the following can be used:
`clients` takes an array of digital fingerprints. These are the accepted clients that can connect.
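For the shared-Redis case in the Redis Security section, this is an added illustration (not part of the original issue and not DrMem's own configuration) of a Redis 6+ ACL setup that confines each DrMem instance to its own keys. It assumes each instance would prefix its keys and authenticate with a username and password; the user names, key prefixes, listen address and secrets are placeholders.

```conf
# redis.conf fragment (constructed example; all names and values are placeholders)

# Single-host setup described in the issue: loopback only.
# bind 127.0.0.1

# Shared setup: listen on one internal address instead of every interface.
bind 192.0.2.10

# Disable the password-less default user so an unauthenticated
# connection cannot run commands against any key.
user default off

# One ACL user per DrMem instance. Each user:
#   - must authenticate with its own secret (">" sets a password),
#   - can only touch keys matching its own prefix ("~pattern"),
#   - loses administrative and dangerous commands (CONFIG, FLUSHALL, KEYS, ...).
user drmem-garage on >REPLACE_WITH_LONG_RANDOM_SECRET_1 ~garage:* +@all -@admin -@dangerous
user drmem-attic on >REPLACE_WITH_LONG_RANDOM_SECRET_2 ~attic:* +@all -@admin -@dangerous
```

Running `ACL LIST` in `redis-cli` shows the rules Redis actually loaded, and an instance that reaches outside its prefix gets a `NOPERM` error.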