Comments (2)
I think that we always need to validate what the target state of the complete thing (or feature, if only a feature was modified) would be against the model.
So after enforcement (different permissions should not yield different validation results), but before applying a modify command to the persistence.
We should also monitor how much time validation takes, by adding metrics (spans) to the existing signal processing trace.
It would be nice to have the validation as a separate Java module so that it could also be used as a library.
from ditto.
Another idea on the enforcement:
Configure a list of auth subjects (also supporting wildcards) for which validation is not done.
I am thinking especially about e.g. connections, where we don't necessarily rely on a user input to validate.
Whereas for API users, e.g. authenticated via JWT and the HTTP API, it would be important to validate all provided data.
from ditto.
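One way the exemption list proposed in the second comment could be matched, as an added example that is not code from the Ditto project or from either commenter. The class name `ValidationExemptions`, the sample subjects, and the rule that a request is exempt only when every one of its auth subjects matches are assumptions made for this sketch.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

/** Hypothetical helper (not part of Ditto): decides whether model validation may be skipped. */
public final class ValidationExemptions {

    private final List<Pattern> exemptPatterns;

    public ValidationExemptions(List<String> wildcardEntries) {
        this.exemptPatterns = wildcardEntries.stream()
                .map(ValidationExemptions::toPattern)
                .collect(Collectors.toList());
    }

    // Only '*' is treated as a wildcard. Every other character is quoted, so a
    // configured entry containing '.', '|' or '(' cannot widen the match by accident.
    private static Pattern toPattern(String wildcard) {
        String regex = Arrays.stream(wildcard.split("\\*", -1))
                .map(Pattern::quote)
                .collect(Collectors.joining(".*"));
        return Pattern.compile(regex);
    }

    /**
     * Assumption: a request is exempt only if it carries at least one auth subject
     * and every subject matches some entry. An empty subject list is never exempt,
     * because allMatch() on an empty stream would otherwise return true.
     */
    public boolean isExempt(List<String> authSubjects) {
        if (authSubjects == null || authSubjects.isEmpty()) {
            return false;
        }
        // matches() anchors at both ends, so a prefix or suffix hit is not enough.
        return authSubjects.stream().allMatch(subject ->
                exemptPatterns.stream().anyMatch(p -> p.matcher(subject).matches()));
    }

    public static void main(String[] args) {
        // Constructed sample entry and subjects, for illustration only.
        ValidationExemptions exemptions = new ValidationExemptions(List.of("connection:*"));
        System.out.println(exemptions.isExempt(List.of("connection:mqtt-ingest")));
        System.out.println(exemptions.isExempt(List.of("jwt:alice")));
        System.out.println(exemptions.isExempt(List.of("connection:mqtt-ingest", "jwt:alice")));
        System.out.println(exemptions.isExempt(List.of("xconnection:mqtt-ingest")));
        System.out.println(exemptions.isExempt(List.of()));
    }
}
```

Only the first call in `main` yields an exemption; the mixed, prefix-lookalike and empty cases all fall through to validation.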