Change nextUri slug for every request #1654

Closed
findepi opened this issue Oct 2, 2019 · 1 comment · Fixed by #1660

findepi commented Oct 2, 2019

Currently the slug is constant for the duration of the query. Usually, it is known only to the querying user, so it's not a problem.
However, it is logged to http-request.log. Everyone with access to the file can intercept query results.
Furthermore, when using log shipping, the http-request.log contents may be accessible to more people.

For increased security around query slug, each nextUri should be authorized with a different token.

@findepi findepi added the enhancement New feature or request label Oct 2, 2019

findepi commented Oct 2, 2019

nextUri slug can be HMAC(query slug, nextToken)

@findepi findepi self-assigned this Oct 5, 2019
@findepi findepi added this to the 321 milestone Oct 9, 2019
@findepi findepi mentioned this issue Oct 9, 2019
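
A sketch of the per-request slug proposed in the second comment, added here as an illustration; it is not code from this project or from the fix in #1660. It assumes the query slug is the HMAC key and nextToken is the message, uses HMAC-SHA256, and the `/query/...` URI layout and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def new_query_slug() -> bytes:
    """Per-query secret. It stays server-side and never appears in a URI or log."""
    return secrets.token_bytes(32)


def next_uri_slug(query_slug: bytes, next_token: int) -> str:
    """Slug for one nextUri: HMAC-SHA256 keyed by the query slug over the token."""
    message = str(next_token).encode("ascii")
    return hmac.new(query_slug, message, hashlib.sha256).hexdigest()


def build_next_uri(query_id: str, query_slug: bytes, next_token: int) -> str:
    """Hypothetical URI layout: /query/<query id>/<per-request slug>/<token>."""
    slug = next_uri_slug(query_slug, next_token)
    return f"/query/{query_id}/{slug}/{next_token}"


def authorize(query_slug: bytes, presented_slug: str, token: int) -> bool:
    """Recompute the slug for the requested token and compare in constant time."""
    expected = next_uri_slug(query_slug, token)
    return hmac.compare_digest(expected.encode(), presented_slug.encode())


def replay_check() -> dict:
    """A slug read from a logged URI for token 5 is presented for tokens 5 and 6."""
    query_slug = new_query_slug()
    logged_uri = build_next_uri("q1", query_slug, 5)  # constructed sample log entry
    logged_slug = logged_uri.split("/")[3]
    return {
        "token_5": authorize(query_slug, logged_slug, 5),
        "token_6": authorize(query_slug, logged_slug, 6),
    }


if __name__ == "__main__":
    print(replay_check())
```

A slug copied from the log still matches the token it was issued for, so the derivation narrows what a log reader can fetch to that one request rather than the rest of the query's results.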