github-webhooks

Secret key is not verified in scotty example

Open kvanbere opened this issue 7 years ago • 2 comments

Operating system or device, package version, compiler version: All

Issue description: In the scotty example (examples/scotty) the key specified by KEY= on launch is not verified. If the incorrect key is specified on GitHub the example server doesn't care. This is a security risk and means that the scotty example should not be used in production.

Note: This is not applicable to the servant example(s), which verify the keys correctly.

kvanbere, Jan 12 '18 05:01
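
The check the issue describes as missing, as an added example (not code from the github-webhooks repository or its scotty example): it recomputes the HMAC-SHA256 of the raw request body with the configured key and compares it in constant time with the value GitHub sends in the `X-Hub-Signature-256` header. It assumes the cryptonite and memory packages; `verifySignature`, `sign`, and the sample secret and payload are hypothetical names and constructed values.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example; not taken from the github-webhooks code base.
module Main (main) where

import           Crypto.Hash             (SHA256)
import           Crypto.MAC.HMAC         (HMAC, hmac)
import           Data.ByteArray          (constEq)
import           Data.ByteArray.Encoding (Base (Base16), convertFromBase,
                                          convertToBase)
import           Data.ByteString         (ByteString)
import qualified Data.ByteString         as BS

-- | Verify a webhook delivery. Arguments: the shared secret (the KEY value),
-- the X-Hub-Signature-256 header if one was sent, and the raw request body
-- exactly as received (before any JSON decoding).
verifySignature :: ByteString -> Maybe ByteString -> ByteString -> Bool
verifySignature _ Nothing _ = False          -- unsigned delivery: reject
verifySignature secret (Just hdr) rawBody =
  case BS.stripPrefix "sha256=" hdr of
    Nothing  -> False                        -- unexpected algorithm prefix
    Just hex ->
      case convertFromBase Base16 hex :: Either String ByteString of
        Left _     -> False                  -- header is not valid hex
        Right sent ->
          -- constEq avoids leaking how many leading bytes matched
          constEq (hmac secret rawBody :: HMAC SHA256) sent

-- | Helper for the demo only: build the header value a sender would attach.
sign :: ByteString -> ByteString -> ByteString
sign secret rawBody =
  "sha256=" <> convertToBase Base16 (hmac secret rawBody :: HMAC SHA256)

main :: IO ()
main = do
  let secret = "constructed-demo-secret" :: ByteString
      body   = "{\"zen\":\"constructed sample payload\"}" :: ByteString
      good   = sign secret body
  -- Delivery signed with the configured key
  putStrLn $ "matching key:   " ++ show (verifySignature secret (Just good) body)
  -- Delivery signed with a different key (the case the issue describes)
  putStrLn $ "wrong key:      " ++
    show (verifySignature secret (Just (sign "wrong-key" body)) body)
  -- Delivery with no signature header at all
  putStrLn $ "missing header: " ++ show (verifySignature secret Nothing body)
  -- Body altered after signing
  putStrLn $ "modified body:  " ++
    show (verifySignature secret (Just good) (body <> " "))
```

A handler using this check would respond with an error status and stop processing whenever `verifySignature` returns `False`.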

This has been bumped to a higher priority.

kvanbere, Dec 05 '21 09:12

We would very much like to deliver this with 0.16.0 because of its security content. Help wanted.

kvanbere, Jan 20 '22 00:01