Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issues in requests calls #27

Open
fmigneault opened this issue Oct 26, 2023 · 0 comments
Open

Security issues in requests calls #27

fmigneault opened this issue Oct 26, 2023 · 0 comments
Assignees
@dchandan @fmigneault-crim
Labels
security

Comments

@fmigneault
Copy link
Collaborator

All requests calls should remove enforced verify=False.
This is a debuging workaround that should not be enabled in deployed instances with valid SSL certificates.

The requests also assume open access. Realistically, most STAC API will not let user openly push new collections/items. The auth parameter must be supported to pass down an authentication/authorization method, such as https://github.com/Ouranosinc/requests-magpie

For convenience, CLI flags or utilities to pass extra arguments to requests calls could be added, but the should not enforce defaults that disable security features.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dchandan dchandan

@fmigneault-crim fmigneault-crim

Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dchandan @fmigneault @fmigneault-crim