Comments (7)
Why https? If this runs on someone's internal network, do we really need https? Doesn't that have a performance impact?
I like the JWT validation option as well, but again, what would be the performance impact? We are up against a library that is in the code, so the competition is pretty fast.
I guess we should start from why do we need them?
I will also ask some users about it if they care.
I always have Kafka as an example in my head. Do they support SSL yet?
from cerbos.
Running plaintext services is frowned upon these days. Especially for an authz application, HTTPS should be on by default. There's almost no overhead for doing that now because modern CPUs are very fast and usually have special hardware acceleration for crypto operations.
We do need to have some sort of authentication mechanism as well. Again, the current trend is towards the BeyondCorp model where the internal network is not trusted or treated as special. The endpoint needs to be secured because an attacker could use it to enumerate all the users who have permission to do something or even enumerate everything that an application can do. So it's a security risk.
Kafka does support SSL now :)
from cerbos.
Sure, being able to turn them off is fine. The defaults should be secure though.
from cerbos.
The core bits are implemented. Remaining things are tracked in #71.
from cerbos.