Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

security: claims crawler #100

Open
3 tasks
mfreeman451 opened this issue Apr 26, 2024 · 0 comments
Open
3 tasks

security: claims crawler #100

mfreeman451 opened this issue Apr 26, 2024 · 0 comments

Comments

@mfreeman451
Copy link
Contributor

Write a small program that runs in GCP to crawl through user claims and validate that everyone has the correct claims. If someone every compromised a back-end API key they could use it to change their claims in firebase and access other user accounts. We can hope and wish that that never happens, but I'd also like to know if it did ahead of time.

  • Claims crawler runs out of cron in GCP
  • Keeps state using firestore - 3 days worth?
  • Reports to Slack
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant