[Proposal] Improve requests validation #4
Labels
enhancement
New feature or request
Comments
|
Suggested Solution https://daltontan.com/comparison-of-golang-input-validator-libraries/29/ |
Validation alone cannot solve the problem; a rate limiter is needed here |
Agree. The problem can be viewed holistically. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
At the moment there is no validation of input data at all.
This can lead to both security problems and sudden operational errors.
Security problems
A user (or an anonymous attacker) can organize a DoS attack when resources (for example, RAM) are exhausted, since user requests are not validated (by field size).
Those. Firstly, the user can save a lot of data into the database. Secondly, increase the load when executing requests to retrieve this big data.
Or an anonymous attacker could launch an attack on
/signup.Operational errors
The user can create an object that is used in another object. Which leads to cross problems.
For example, the Cert object contains a certificate for verifying a JWT signature and a key for signing a JWT.
If the user messes up the Cert (there is no validation, so the user might not even know about it) then this will lead to hard to catch access issues.
The text was updated successfully, but these errors were encountered: