Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTPS Support #137

Closed
2 of 3 tasks
NickEckert opened this issue Apr 15, 2018 · 1 comment
Closed
2 of 3 tasks

HTTPS Support #137

NickEckert opened this issue Apr 15, 2018 · 1 comment
Assignees
@NickEckert
Labels
P1 High priority. Should be addressed by the next release. Size: Medium The work involved in addressing this issue is a sizable amount. 1-2 days of work. Status: In Progress Work on the issue is in progress. Type: Feature Addresses adding a new feature to the application.
Milestone
v2.0.0

Comments

@NickEckert
Copy link
Collaborator

NickEckert commented Apr 15, 2018
edited
Loading

This issue relates to a:

  • Bug
  • Suggestion
  • Feature Proposal

Description:

At some point it would be nice to sport HTTPS for communication between the server and client. We could allow users to utilize certificates purchased from a certificate authority or their own self signed certificate.

HTTPS allows encrypted communication to the server. This would be necessary in a production environments where users are sending credentials to the server. In many cases these password would be hashed but this still opens us up to dictionary/rainbow table attack on our users password hashes.

HTTP also allows users to verify the identity of Thunder servers. (see trust chaining below)

I would also like to point out that if a future goal is to have Thunder as a Service (TaaS) then a lack of HTTPS support would certainly scare aways a large number of potential users.

Additional Information:

https://en.wikipedia.org/wiki/HTTPS
https://en.wikipedia.org/wiki/Chain_of_trust
https://blog.instantssl.com/https/seo-advantages-switching-https/
@NickEckert NickEckert added P3 Low priority. No set deadline to address. Status: Available Work on this issue has not yet started and is available to be worked on. labels Apr 15, 2018
@NickEckert NickEckert added this to the v2.1.0 milestone Apr 15, 2018
@RohanNagar RohanNagar modified the milestones: v2.1.0, v2.0.0 Apr 15, 2018
@RohanNagar RohanNagar added Type: Feature Addresses adding a new feature to the application. P2 Medium priority. Can be addressed within the next few releases. Size: Medium The work involved in addressing this issue is a sizable amount. 1-2 days of work. P1 High priority. Should be addressed by the next release. and removed P3 Low priority. No set deadline to address. P2 Medium priority. Can be addressed within the next few releases. labels Apr 15, 2018
@NickEckert NickEckert self-assigned this Apr 22, 2018
@NickEckert NickEckert added Status: In Progress Work on the issue is in progress. and removed Status: Available Work on this issue has not yet started and is available to be worked on. labels Apr 22, 2018
@RohanNagar
Copy link
Owner

Since Dropwizard supports HTTPS already, it looks like the main work item for this is:

  • Testing it locally
  • Updating deployment definitions (K8s YAML files, Dockerfile) to expose HTTPS port
  • Extensive documentation on how to enable/disable it and bringing certificates

@RohanNagar RohanNagar added Status: On Hold The work on this issue is on hold until further notice. P2 Medium priority. Can be addressed within the next few releases. and removed Status: In Progress Work on the issue is in progress. P1 High priority. Should be addressed by the next release. labels May 16, 2018
@NickEckert NickEckert removed their assignment Jun 26, 2018
@NickEckert NickEckert self-assigned this Jul 31, 2018
@NickEckert NickEckert added P1 High priority. Should be addressed by the next release. Status: In Progress Work on the issue is in progress. and removed P2 Medium priority. Can be addressed within the next few releases. Status: On Hold The work on this issue is on hold until further notice. labels Aug 2, 2018
@NickEckert NickEckert mentioned this issue Aug 20, 2018
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@NickEckert NickEckert

Labels
P1 High priority. Should be addressed by the next release. Size: Medium The work involved in addressing this issue is a sizable amount. 1-2 days of work. Status: In Progress Work on the issue is in progress. Type: Feature Addresses adding a new feature to the application.
Projects
None yet
Milestone
v2.0.0
Development

No branches or pull requests
2 participants
@RohanNagar @NickEckert