Privacy issue with token system #43

Closed
karthikb351 opened this issue Feb 4, 2015 · 8 comments

@karthikb351
Collaborator

When exchanging the token for timetable data at /api/{campus}/friends/share?token={token}, we should do a simple check of requesting the user's regno and dob as well, so we know who has pulled whose data.
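Added example, not part of the thread and not the project's own code: one way the check proposed above could work, where the token exchange first identifies the requester by regno and dob and then records who pulled whose data. All function names, the in-memory stores and the sample records are assumptions constructed for illustration.

```javascript
// Added example: hypothetical names; in-memory Maps stand in for the real data store.
const crypto = require('node:crypto');

const students = new Map([ // constructed sample records
  ['11BCE0001', { dob: '01011994', timetable: ['CSE101 Mon 09:00'] }],
  ['11BCE0002', { dob: '02021994', timetable: ['MAT201 Tue 10:00'] }],
]);
const shareTokens = new Map(); // token -> regno of the student who shared
const accessLog = [];          // audit trail: who pulled whose data

// Compare secrets without leaking the mismatch position through timing.
function constantTimeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// The owner creates an unguessable token to hand to a friend.
function issueToken(ownerRegno) {
  const token = crypto.randomBytes(16).toString('hex');
  shareTokens.set(token, ownerRegno);
  return token;
}

// Exchange a token for timetable data, but only for an identified requester.
function exchangeToken({ token, regno, dob }, now = Date.now()) {
  const requester = students.get(regno);
  if (!requester || !constantTimeEqual(requester.dob, dob)) {
    // Unidentified callers learn nothing about whether the token exists.
    return { status: 401, error: 'requester not identified' };
  }
  const owner = shareTokens.get(token);
  if (!owner) {
    // Failed lookups by an identified user are logged too (token guessing).
    accessLog.push({ requester: regno, owner: null, at: now, ok: false });
    return { status: 404, error: 'invalid token' };
  }
  accessLog.push({ requester: regno, owner, at: now, ok: true });
  return { status: 200, owner, timetable: students.get(owner).timetable };
}
```
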

@aneesh-neelam aneesh-neelam changed the title from "Security issue with token system" to "Privacy issue with token system" Feb 4, 2015
@aneesh-neelam
Owner

That's actually a privacy issue. Not a security one.

But I get why it is a good thing to do, it'll be done in the next major release. I'm sorry, but this will break the API.

@karthikb351
Collaborator Author

For now build it on dev?
And we should really start having versioning for our API if it's subject to so many changes so frequently.
My suggestion would be to move to a /api/v1.1/{campus}/ naming schema so we can keep legacy support easily.

@aneesh-neelam
Owner

The latest development branch is always deployed on dev. The latest release branch is deployed on rel.

About the versioning, let me see what I can do.

@aneesh-neelam aneesh-neelam added this to the 0.14-Release milestone Feb 4, 2015
@aneesh-neelam
Owner

API Versioning implemented in f1f2293. Deployed to vitacademics-dev

@aneesh-neelam aneesh-neelam self-assigned this Feb 4, 2015
@aneesh-neelam
Owner

Let's implement this as the first use case for Push Notifications, shall we?

@karthikb351
Collaborator Author

Push is still pending. We need to get that worker process ready so we can actually implement all of this.

@aneesh-neelam
Owner

Alright, but this is the easiest use case for implementing Push Notifications.

Let's start with this, is what I'm saying.

aneesh-neelam added a commit that referenced this issue Apr 2, 2015
* Fixes #43
* Version bumped to 0.15.20
aneesh-neelam added a commit that referenced this issue Apr 2, 2015
* Fixes #43
* Fixed queues
* Version bumped to 0.15.21
@aneesh-neelam
Owner

Done!
@ayushagarwal95: Need to update API Reference


2 participants