Dave
Hello, thank you for creating this package. Is there a best way to mock out the Elasticsearch server connection when writing tests? I am working with unit tests on a...
Hello! Thanks for creating this module. It is quite useful. In the README instructions, it says >Add `url(r'^advanced_filters/', include('advanced_filters.urls'))` to your project's urlconf. What do you think about importing the...
Currently queries are sent to notaries using unencrypted HTTP traffic. Messages are still cryptographically signed and verified using the notary's public key, so they are guaranteed to be correct and...
While sensitive data stored in memory can never be truly safe on an untrusted system, especially in Python with immutable strings, garbage collection algorithms, et cetera, we could take steps...
Dan Callahan has a good presentation on basic webserver security settings here: http://pyvideo.org/video/2315/quick-wins-for-better-website-security We should enable the applicable ones for notary servers. This means: Render: 1. Enable XSS Protection 2....
We should be able to easily compress the XML before sending it to the client. This could cut bandwidth usage, possibly allowing notaries to serve even more clients. We can...
If you do not scan with SNI, ssl_scan_sock gets a 'protocol version' error from some sites: > python ssl_scan_sock.py howsmyssl.com:443 > Error scanning howsmyssl.com:443 - Fatal (2): Code 70 -...
While investigating #34 a long time back I found a number of upgrades and fixes we should make to the scanner code. Creating a ticket to track this. I have...
Currently Perspectives uses MD5 certificate hashes. We should upgrade to SHA1, and at least give the option of displaying the SHA1 hashes. This will need to be rolled out in...
It may help to anonymize requests and increase user privacy if they can send queries anonymously to notaries. Notaries could accept an encrypted client request and forward it to another...