
Enhancements to channel policy to further secure pico engine

Open b1conrad opened this issue 2 years ago • 0 comments

A couple of ideas:

  1. We could add a bearer token to the channel policy; /sky/ events and queries would then only be accepted by the pico engine on that ECI when an authorization header bearing the token was present in the HTTP request (otherwise 401 response code).
  2. We could add a rate limiting feature; for example, an ECI could be used only once every 10 minutes, and if oftener, a 429 response code could be given.

Together these could reduce the likelihood of denial of service attacks.

b1conrad • Jun 21 '22 14:06
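
A sketch of the two checks proposed in this issue, added here as an example; it is not pico-engine code and not part of the original post. The policy fields `bearerToken` and `minIntervalMs`, the function names and the sample values are assumptions, and `headers` is assumed to be a Node-style object with lowercase header names.

```javascript
// Hypothetical policy fields (bearerToken, minIntervalMs); not pico-engine's schema.
const lastAccepted = new Map(); // ECI -> time in ms of the last accepted request

// Compare every byte instead of stopping at the first mismatch.
// (Node's crypto.timingSafeEqual is the library routine for this.)
function tokensMatch(presented, expected) {
  const a = new TextEncoder().encode(presented);
  const b = new TextEncoder().encode(expected);
  let diff = a.length ^ b.length;
  for (let i = 0; i < b.length; i++) diff |= (a[i] ?? 0) ^ b[i];
  return diff === 0;
}

// Decide whether a /sky/ request on `eci` is accepted under `policy`.
function checkChannel(policy, eci, headers, nowMs) {
  // 1. Authenticate first, so requests without the token cannot use up
  //    the legitimate caller's rate-limit window.
  if (policy.bearerToken !== undefined) {
    const m = /^Bearer +([A-Za-z0-9._~+\/-]+=*)$/i.exec(headers.authorization || '');
    if (!m || !tokensMatch(m[1], policy.bearerToken)) {
      return { status: 401, headers: { 'WWW-Authenticate': 'Bearer' } };
    }
  }
  // 2. Rate limit: only accepted requests start a new window.
  if (policy.minIntervalMs !== undefined) {
    const last = lastAccepted.get(eci);
    if (last !== undefined && nowMs - last < policy.minIntervalMs) {
      const waitSec = Math.ceil((policy.minIntervalMs - (nowMs - last)) / 1000);
      return { status: 429, headers: { 'Retry-After': String(waitSec) } };
    }
  }
  lastAccepted.set(eci, nowMs);
  return { status: 200, headers: {} };
}

// Constructed sample: the ECI, token and timestamps are made up.
function demo() {
  lastAccepted.clear();
  const policy = { bearerToken: 'example-token-123', minIntervalMs: 10 * 60 * 1000 };
  const good = { authorization: 'Bearer example-token-123' };
  return [
    checkChannel(policy, 'example-eci', {}, 0).status,                               // no header
    checkChannel(policy, 'example-eci', { authorization: 'Bearer wrong' }, 0).status, // bad token
    checkChannel(policy, 'example-eci', good, 0).status,                             // first use
    checkChannel(policy, 'example-eci', good, 300000).status,                        // 5 min later
    checkChannel(policy, 'example-eci', good, 600000).status,                        // 10 min later
  ];
}
console.log(demo()); // [ 401, 401, 200, 429, 200 ]
```

Rejected requests (401 or 429) do not update the stored timestamp, so a flood of them cannot extend the window for the token holder.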