-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SHARD-1166: Archiver whitelisting #123
Conversation
@@ -1296,19 +1314,32 @@ | |||
Logger.mainLogger.error('Data sender publicKey and sign owner key does not match') | |||
return { success: false, error: 'Data sender publicKey and sign owner key does not match' } | |||
} | |||
if (!Crypto.verify(data)) { | |||
Logger.mainLogger.error('Invalid signature', data) |
Check warning
Code scanning / CodeQL
Log injection Medium
user-provided value
Log entry depends on a
user-provided value
Log entry depends on a
user-provided value
Log entry depends on a
user-provided value
Log entry depends on a
user-provided value
Log entry depends on a
user-provided value
…class
43fe956
to
95b0c28
Compare
allowed-archivers.json
Outdated
"publicKey": "e8a5c26b9e2c3c31eb7c7d73eaed9484374c16d983ce95f3ab18a62521964a94" | ||
} | ||
], | ||
"allowedAccounts": { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lets remove this and also minSigRequired
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jintukumardas this is still pending
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is necessary for the initial config load, as the Global account data will initially be empty. This data will serve as a reference, but once we receive the Global account data, it will no longer be needed/referenced.
Use the signed list of allowed archivers.