At the moment there is no validation of input data at all.
This can lead to both security problems and sudden operational errors.
Security problems
A user (or an anonymous attacker) can organize a DoS attack when resources (for example, RAM) are exhausted, since user requests are not validated (by field size).
That is, firstly, the user can save a lot of data into the database. Secondly, the user can increase the load when executing requests to retrieve this big data.
Or an anonymous attacker could launch an attack on /signup.
Operational errors
The user can create an object that is used in another object, which leads to cross problems.
For example, the Cert object contains a certificate for verifying a JWT signature and a key for signing a JWT.
If the user messes up the Cert (there is no validation, so the user might not even know about it), then this will lead to hard-to-catch access issues.
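
A sketch of the validation this issue asks for on the Cert object, as an added example that is not code from the project: it bounds field sizes and then rejects a signing key that does not belong to the certificate, using Go's standard `tls.X509KeyPair`. The language, the `Cert` field names, the size limits, and the `newPair` sample generator are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Cert is a hypothetical shape for the object described in the issue.
type Cert struct{ Name, CertPEM, KeyPEM string }

const maxPEM = 16 << 10 // assumed per-field size cap

// Validate bounds field sizes, then checks that the signing key matches the certificate.
func (c Cert) Validate() error {
	if c.Name == "" || len(c.Name) > 128 || len(c.CertPEM) > maxPEM || len(c.KeyPEM) > maxPEM {
		return errors.New("field empty or over size limit")
	}
	if _, err := tls.X509KeyPair([]byte(c.CertPEM), []byte(c.KeyPEM)); err != nil {
		return fmt.Errorf("certificate and key do not form a pair: %w", err)
	}
	return nil
}

// newPair returns a constructed self-signed sample pair (PEM).
func newPair() (certPEM, keyPEM string) {
	pub, priv, e1 := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now, NotAfter: now.Add(time.Hour)}
	der, e2 := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	kd, e3 := x509.MarshalPKCS8PrivateKey(priv)
	if err := errors.Join(e1, e2, e3); err != nil {
		panic(err)
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})),
		string(pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kd}))
}

func main() {
	c1, k1 := newPair()
	_, k2 := newPair()
	fmt.Println("matching pair:", Cert{"jwt", c1, k1}.Validate())
	fmt.Println("swapped key:  ", Cert{"jwt", c1, k2}.Validate())
}
```

Running the check at write time surfaces a broken Cert to the user who submitted it, instead of later as failed JWT verification in whatever object references it.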