[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-docs] branch master updated: add note in instance setup section r
|
From: |
gnunet |
|
Subject: |
[taler-docs] branch master updated: add note in instance setup section re instance existence leak |
|
Date: |
Wed, 11 Aug 2021 05:05:38 +0200 |
This is an automated email from the git hooks/post-receive script.
ttn pushed a commit to branch master
in repository docs.
The following commit(s) were added to refs/heads/master by this push:
new ea3a137 add note in instance setup section re instance existence leak
ea3a137 is described below
commit ea3a137a097c03c8b4877a855197797d61c882d4
Author: Thien-Thi Nguyen <ttn@gnuvola.org>
AuthorDate: Tue Aug 10 23:01:34 2021 -0400
add note in instance setup section re instance existence leak
---
taler-merchant-manual.rst | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/taler-merchant-manual.rst b/taler-merchant-manual.rst
index 1cc5926..4a9fd7a 100644
--- a/taler-merchant-manual.rst
+++ b/taler-merchant-manual.rst
@@ -773,6 +773,12 @@ similar to the ``root`` account on UNIX.
The following documentation shows how to handle any instance, so you should
read
it twice, first creating the ``default`` instance, then creating normal ones.
+.. note::
+ A security concern is that instance existence is leaked by normal API usage.
+ This means unauthorized users can distinguish between the case where the
+ instance does not exist (HTTP 404) and the case where access is denied
+ (HTTP 403).
+
KUDOS Accounts
--------------
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-docs] branch master updated: add note in instance setup section re instance existence leak,
gnunet <=