MachineID is confidential and should not be exposed on the network #86
Labels
enhancement
New feature or request
good first issue
Good for newcomers
help wanted
Extra attention is needed
Comments
|
Hey @cmbaron, very good point, this should have been hashed directly from the start - what you propose sounds good actually, I'd be even tempted to say to hash directly the MachineID so it's safe to use by default and we avoid misuse, altough if someone already relied on it that would be bad - so it's best to split those two, and make a deprecation warning as you suggest. However, there might be use-cases where it is used just internally, and not exposed at all, so maybe a warning would be enough to make sure that the user understand implications of using it. |
mudler
added
enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Hostname Plugin allows using MachineID in a template to generate hostname.
Per the manual page and the machine id library used by this project, machine-id is confidential and shouldn't be disclosed in whole or part.
How do we feel about adding "SecuredMachineID" as an available template variable in the hostname plugin to generate a machine-id derived ID using machine.id.ProtectedID("yipCloudInitHostnameConfiguration"), then later deprecating "MachineID" with a warning when its used?
The text was updated successfully, but these errors were encountered: