You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
By creating an admin websocket, we allow any process to call it and make admin calls to the conductor.
Instead we should gatekeep admin calls so they can only be made through the HolochainService itself (which itself should gatekeep admin actions via user permission -- see #5).
One option is for holochain core to support pre-defined auth tokens for admin websockets. An alternative is to not create an admin websocket and simply call the conductor handle directly.
The text was updated successfully, but these errors were encountered:
By creating an admin websocket, we allow any process to call it and make admin calls to the conductor.
Instead we should gatekeep admin calls so they can only be made through the HolochainService itself (which itself should gatekeep admin actions via user permission -- see #5).
One option is for holochain core to support pre-defined auth tokens for admin websockets. An alternative is to not create an admin websocket and simply call the conductor handle directly.
The text was updated successfully, but these errors were encountered: