
server: use a whitelist for non-admin APIs #44150

knz opened this issue Jan 20, 2020 · 2 comments
Labels
A-authentication Pertains to authn subsystems A-kv-security A-kv-server Relating to the KV-level RPC server A-server-architecture Relates to the internal APIs and src org for server code C-cleanup Tech debt, refactors, loose ends, etc. Solution not expected to significantly change behavior. T-server-and-security DB Server & Security

Comments

@knz
Contributor

knz commented Jan 20, 2020

This issue is to address the cleanup and strengthening of the solutions implemented for #42567.

  • the server code that accepts incoming RPCs and HTTP requests should consider that the request requires admin privileges by default, and only allow non-admins to use the endpoint if the endpoint is in a whitelist. This will prevent mistakenly introducing new privileged APIs without the appropriate privilege checks in the future. Action plan:

    • share the code that requires admin privileges to the top level incoming request code
    • introduce a whitelist
  • the auth info should be determined very early (during the TLS handshake) and populated in the context for use everywhere, see these two comments:

#42567 (comment)

and

#42567 (comment)

Epic: CRDB-1473

Jira issue: CRDB-5247

@knz knz added A-kv-security A-kv-server Relating to the KV-level RPC server C-cleanup Tech debt, refactors, loose ends, etc. Solution not expected to significantly change behavior. labels Jan 20, 2020
@knz knz added this to To do in DB Server & Security via automation Jan 20, 2020
@knz knz moved this from To do to 20.1 in DB Server & Security Jan 20, 2020
@knz
Contributor Author

knz commented Feb 3, 2020

@dhartunian this is one of the issues we discussed earlier today, if you want to keep an eye on it or add it to some to-do list.

@knz knz moved this from Legacy debt to Linked issues (see roadmap) in DB Server & Security Apr 17, 2020
@jlinder jlinder added the T-server-and-security DB Server & Security label Jun 16, 2021
@knz knz added A-server-architecture Relates to the internal APIs and src org for server code A-authentication Pertains to authn subsystems labels Jul 29, 2021
@github-actions

We have marked this issue as stale because it has been inactive for
18 months. If this issue is still relevant, removing the stale label
or adding a comment will keep it active. Otherwise, we'll close it in
10 days to keep the issue queue tidy. Thank you for your contribution
to CockroachDB!
