Secure creating database endpoint #246
Comments
If I understand correctly, I faced a related issue. See my thread here if this helps:
@rokgfx that's not the same issue. I create db when there is no basic auth. I turned on the
Isn't the situation you pose a non-issue? Presumably the database name is some transformation (if not just the same) of the username? In other words, the database name "squatting" would be the same as username or email "squatting". What you could do is just (on your server level) set up a whitelist so all connections from anything other than your application domain(s) are blocked. Of course this quickly turns into the same problem most companies have with detecting blocks.
Apologies in advance if this is not the correct venue to ask this question.
I am creating a per-user database and everything works perfectly, but I am a little concerned that anyone can create a database on a remote server (attackers could potentially do "database squatting"). My ideal scenario is that whenever a user is created (`signup()` is called), either I can check with a specific endpoint or signup could only be called from a specific domain. After that, everything should just work as is.
Thank you for this nifty plugin! It saved me a lot of work.