David Ross

Results: 6 issues by David Ross

From the security review bug (https://github.com/postmates/cernan/issues/461): > None of the sources auth, the few sinks that have auth credentials are, iirc, not wired up to authenticate. IP whitelisting and/or presence...

As per: https://github.com/postmates/cernan/issues/461#issuecomment-460741158 "This is part of the generated protobuf code. It'd be reasonable to regen this and see if the unsafe bits have disappeared. It'd also be willing to...

https://github.com/postmates/cernan/wiki/SinksElasticSearch * secure :: whether to attempt HTTPS or not with the elasticsearch host [default: false] It makes sense to change the default to true, as per https://github.com/postmates/cernan/issues/461.

As noticed in security review (https://github.com/postmates/cernan/issues/461): https://github.com/postmates/cernan/blob/4c96e203fdc5eb8f85aee2fd462daf081a0db811/src/config.rs#L849 Followup action: > We should document a limit to this value and check the user's input, emit a warning if the value is...

My comment from the security review (https://github.com/postmates/cernan/issues/461): Is this essentially insecure by default? If it’s insecure with the default setting that should probably at minimum be called out explicitly in...

Hi @blt, as requested I'm including security review notes here. (I'm not particularly Rust-savvy at the moment, so some of this may not be interesting in reality.) PTAL and assess...