Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Guest ingests should not include IP Address as part of Guest Principal name #3743

Closed
coyotesqrl opened this issue Sep 13, 2018 · 0 comments
Closed

Guest ingests should not include IP Address as part of Guest Principal name #3743

coyotesqrl opened this issue Sep 13, 2018 · 0 comments
Assignees
@coyotesqrl
Milestone
2.13.2

Comments

@coyotesqrl
Copy link
Member

This is a duplicate of this Jira issue for testing purposes

The Guest Principal is created with a name of the form Guest@[IP_ADDR] which leaks information about Guest access when files are ingested and the PoC field is filled in. We should obfuscate the IP Addresses of Guest Principals.

  • Update the STS Guest Validator to set the Principal name to Guest@[RANDOM]
  • Write a security audit record of the form Mapping IP Addr [XXXX] to Internal ID [200f7e55Xda24X4ec3X8e9fX2bad7393fd53]
  • Prevent a small secondary issue where Guest@ is sometimes prepended twice to the id on the principal's name
  • Cache the generated token for a reasonable period so it can be reused instead of a new random id being created and logged on each Guest access
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@coyotesqrl coyotesqrl

Labels
None yet
Projects
None yet
Milestone
2.13.2
Development

No branches or pull requests
2 participants
@coyotesqrl @rzwiefel