Date
1 - 5 of 5
Reserved routes
|
MJ
It appears users can create their own routes named the same as critical endpoints such as api, doppler, loggregator, uaa, etc. In fact, I just created an app with routes doppler and loggregator and the platform did nothing to prevent me from doing so. The "cf logs" behavior was then unpredictable.
Is there some way to prevent this? Am I missing something? Thanks, Mike |
|
|
|
Mike Youngstrom <youngm@...>
Two thoughts:
toggle quoted message
Show quoted text
* Put your private system domain in an Org that users you don't trust won't have access to. * Create routes without an app for the names you wish to "reserve" Mike On Mon, Jun 15, 2015 at 3:30 PM, Mike Jacobi <jacobi(a)adobe.com> wrote:
It appears users can create their own routes named the same as critical |
|
|
|
MJ
Thanks, Mike. I implemented and tested the second option and so far it appears to be working great.
toggle quoted message
Show quoted text
A side note: It’s a bit surprising CF allows names like api and uaa when the platform is using the same domain considering, theoretically, a user could create apps and routes for those services and capture sensitive info. -Mike On Jun 15, 2015, at 2:32 PM, Mike Youngstrom <youngm(a)gmail.com<mailto:youngm(a)gmail.com>> wrote:
Two thoughts: * Put your private system domain in an Org that users you don't trust won't have access to. * Create routes without an app for the names you wish to "reserve" Mike On Mon, Jun 15, 2015 at 3:30 PM, Mike Jacobi <jacobi(a)adobe.com<mailto:jacobi(a)adobe.com>> wrote: It appears users can create their own routes named the same as critical endpoints such as api, doppler, loggregator, uaa, etc. In fact, I just created an app with routes doppler and loggregator and the platform did nothing to prevent me from doing so. The “cf logs” behavior was then unpredictable. Is there some way to prevent this? Am I missing something? Thanks, Mike _______________________________________________ cf-dev mailing list cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org> https://lists.cloudfoundry.org/mailman/listinfo/cf-dev _______________________________________________ cf-dev mailing list cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org> https://lists.cloudfoundry.org/mailman/listinfo/cf-dev |
|
|
|
Mike Youngstrom <youngm@...>
Agreed. Might make a good issue for the CC to not allow routes to be
toggle quoted message
Show quoted text
created that exist in the new Route API or something like that. Mike On Tue, Jun 16, 2015 at 3:03 PM, Mike Jacobi <jacobi(a)adobe.com> wrote:
Thanks, Mike. I implemented and tested the second option and so far it |
|
|
|
Dieu Cao <dcao@...>
For now, we recommend using a different system domain and app domain so
toggle quoted message
Show quoted text
that the overlap does not occur. For example, system.example.com for the system domain and apps.example.com as the apps domain. -Dieu On Tue, Jun 16, 2015 at 5:57 PM, Mike Youngstrom <youngm(a)gmail.com> wrote:
Agreed. Might make a good issue for the CC to not allow routes to be |
|
|