token name should include hostname #414

Closed
edef1c opened this Issue Mar 15, 2013 · 2 comments


Contributor

edef1c commented Mar 15, 2013

require('os').hostname() should be prepended to the token name, so that developing from multiple machines works smoothly.
cc @blakmatrix @AvianFlu

Contributor

blakmatrix commented Mar 15, 2013

I disagree with this as a default behavior. It is very easy to check out a new token for use by jitsu by running jitsu config set api-token-name <something unique>. This change in ease of convenience would result in reduced security of a user's account.

The token feature was created out of a set of security concerns by various end users, most notably disturbed that their plaintext password was stored in their .jitsuconf file. #132 #108 #81 #371 #302

Unfortunately, while this token solution removes storing a user's password in a file on disk, many of the same security concerns still exist; an account can still have its apps manipulated--deleted, stopped, deployed over, databases created/deleted, extra drones provisioned if the account is not at limit. Tokens don't expire automatically, and the more tokens that exist in this manner, the less secure a user account becomes.

Additionally, the single jitsu token, if not overridden explicitly, has some extra benefits in that each session gets a fresh token, invalidating any stored previous tokens; security in this case does not diminish, it stays the same. Sacrificing ease of convenience for undiminished security is a larger boon than burden, especially since I seriously doubt the average user of nodejitsu will be using jitsu simultaneously on multiple computers at once.

Furthermore, requiring users to explicitly change jitsu's token name (jitsu config set api-token-name <something unique>) makes them aware they are creating another token which has access to their account; this also gives them the chance to consciously make the choice to modify their account security. This of course can be mitigated by printing a noticeable warning message to the user that they are checking out another token--perhaps even e-mail them like GitHub does, but this doesn't make up for the fact there are now more ways to access and manipulate the account.
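The trade-off argued above can be modelled directly: with a single fixed token name, each session's fresh token replaces the previous one, while hostname-prefixed names leave one non-expiring token per machine. The following is an added illustration, not jitsu code; the in-memory token store, the `issueToken`/`simulate`/`staleTokens` helpers and the replace-on-reissue rule are assumptions that model the behaviour the comment describes.

```javascript
// Added example (not jitsu code): models how a token naming scheme affects
// how many live API tokens an account accumulates over time.
// Assumption: issuing a token under a name the account already holds
// replaces the old token (the per-session behaviour described above).

// Token store: name -> { secret, issuedAt }. Constructed in memory for the
// example; a real service keeps this server-side.
function createStore() {
  return new Map();
}

// Issue (or re-issue) a token under `name` at logical time `now`.
// Re-issuing under an existing name invalidates the previous token.
function issueToken(store, name, now) {
  const secret = `tok-${name}-${now}`; // placeholder, not a random secret
  store.set(name, { secret, issuedAt: now });
  return store.get(name);
}

// Default scheme: one fixed name per account, fresh token every session.
function sessionTokenName() {
  return 'jitsu';
}

// Scheme proposed in the issue: prefix the hostname, so every machine a
// developer logs in from ends up holding its own long-lived token.
function hostTokenName(hostname) {
  return `${hostname}-jitsu`;
}

// Simulate one login per entry in `hosts` (in order) and return how many
// tokens remain live afterwards under each naming scheme.
function simulate(hosts) {
  const perSession = createStore();
  const perHost = createStore();
  hosts.forEach((host, i) => {
    issueToken(perSession, sessionTokenName(), i);
    issueToken(perHost, hostTokenName(host), i);
  });
  return { perSession: perSession.size, perHost: perHost.size };
}

// Names of tokens not rotated within `maxAge` logical time units: the
// stale, non-expiring credentials the comment warns about.
function staleTokens(store, now, maxAge) {
  return [...store.entries()]
    .filter(([, t]) => now - t.issuedAt > maxAge)
    .map(([name]) => name);
}

console.log(simulate(['laptop', 'desktop', 'laptop', 'ci-box']));
```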

Contributor

julianduque commented Mar 18, 2013

I knew that @blakmatrix had a very good explanation on this +1 :)

@edef1c edef1c closed this Oct 16, 2015
