trustno1
parent
1fd6865996
commit
5e921b566f
|
@ -5,6 +5,10 @@ honk is not currently hardened against SSRF, server side request forgery. Be
|
||||||
mindful of what else may be reachable on localhost or the local network if
|
mindful of what else may be reachable on localhost or the local network if
|
||||||
it's not generally accessible.
|
it's not generally accessible.
|
||||||
|
|
||||||
|
Key and signature verification is best effort, but some forgeries may sneak
|
||||||
|
past. In particular, tying together key name, key owner, actor, object, etc.
|
||||||
|
is incomplete.
|
||||||
|
|
||||||
How are user keys supposed to be rotated? Expired? Revoked?
|
How are user keys supposed to be rotated? Expired? Revoked?
|
||||||
|
|
||||||
The current answer is never, never, never.
|
The current answer is never, never, never.
|
||||||
|
|
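Review bot: The added sentence "tying together key name, key owner, actor, object, etc. is incomplete" does not say which of these bindings are checked today and which are skipped, so a reader cannot judge which kinds of forged activity "may sneak past". Suggest replacing "etc." with an explicit list of the relations that are verified and those that are not. It would also help to state what "best effort" means when verification fails or cannot be completed, that is, whether the message is rejected or accepted anyway. The unchanged lines just below say keys are never rotated, expired or revoked. A short cross-reference from the new paragraph to that answer would help, because both limitations affect how much a verified signature can be trusted.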