Add random request ID (closes #22) #25

johannes-huther · 2021-05-22T18:14:13Z

Adds a random unique ID to the request.

As the POST data is never logged, this should prevent replay attacks even if logging is set to verbose.

If the randomness is not trusted an additional salt can still be added using

data: '{ "salt": "${{ secrets.WEBHOOK_SALT }}" }'

but this shouldn't be necessary.

Also the user can verify, that the request is unique by storing the previous request IDs. But I don't think this is necessary either.

Therefore I conclude that this PR closes #22.

This commit does not change the behaviour of this file. Instead it stores the options in a variable to remove one of the two curl blocks that have been identical for the most part. `&> /dev/null` is not needed if `-v` is omitted and `-s` is used.

Adds a random unique ID to the request. As the POST data is never logged, this should prevent replay attacks even if logging is set to verbose.

johannes-huther added 2 commits May 22, 2021 16:26

Remove redundant curl section

ce480c3

This commit does not change the behaviour of this file. Instead it stores the options in a variable to remove one of the two curl blocks that have been identical for the most part. `&> /dev/null` is not needed if `-v` is omitted and `-s` is used.

Add random request ID (closes distributhor#22)

3957435

Adds a random unique ID to the request. As the POST data is never logged, this should prevent replay attacks even if logging is set to verbose.

distributhor merged commit d28f935 into distributhor:master Jun 5, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add random request ID (closes #22) #25

Add random request ID (closes #22) #25

Uh oh!

johannes-huther commented May 22, 2021

Uh oh!

Uh oh!

Add random request ID (closes #22) #25

Add random request ID (closes #22) #25

Uh oh!

Conversation

johannes-huther commented May 22, 2021

Uh oh!

Uh oh!