[taler-docs] 25/36: document new auth policy
From: gnunet
Subject: [taler-docs] 25/36: document new auth policy
Date: Tue, 22 Jun 2021 19:35:21 +0200
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository docs.
commit 29c6de2b0a5c3cdf6528df7370eed13fc0f78f00
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Wed May 19 18:44:31 2021 +0200
document new auth policy
---
taler-merchant-manual.rst | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/taler-merchant-manual.rst b/taler-merchant-manual.rst
index 6782c7e..f8e2eb3 100644
--- a/taler-merchant-manual.rst
+++ b/taler-merchant-manual.rst
@@ -778,16 +778,17 @@ If everything worked as expected, the command
.. code-block:: console
- $ curl http://localhost:8888/
+ $ curl http://localhost:8888/config
-should return the message
+should return some basic configuration status data about the service.
-.. code-block:: none
+Please note that your backend is right now likely globally reachable. You can
either:
- Hello, I'm a merchant's Taler backend. This HTTP server is not for humans.
+ * Use the ``--auth=$TOKEN`` command-line option to set an access token to be
provided in an ``Authorize: Bearer $TOKEN`` HTTP header. Note that this can be
used at anytime to override access control, but remains only in effect until a
first instance is created or an existing instance authentication setting is
modified.
+ * Set the ``TALER_MERCHANT_TOKEN`` environment variable to ``$TOKEN`` for
the same effect. This method has the advantage of ``$TOKEN`` not being visible
as a command-line interface to other local users on the same machine.
+ * Set up an instance with an authentication token before some unauthorized
person has a chance to access the backend. As the backend is useless without
any instance and the chances of remote attackers during the initial
configuration is low, this is probably sufficient for most use-cases. Still,
keep the first two scenarios in mind in case you ever forget your access token!
-Please note that your backend is right now likely globally reachable.
-Production systems should be configured to bind to a UNIX domain socket
+Production systems should additionally be configured to bind to a UNIX domain
socket
and use TLS for improved network privacy, see :ref:`Secure setup
<Secure-setup>`.
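
Review bot: the first added bullet names the header as "Authorize: Bearer $TOKEN", but the standard HTTP request header for bearer credentials is "Authorization", so an operator copying the text as written would likely send a header that is not treated as credentials. Suggest "Authorization: Bearer $TOKEN". Since the curl line now points at /config and the next sentence says the backend is likely globally reachable, it would also help to show the same curl call with the token header, so the reader can confirm that access control is actually in effect. Two wording points in the same bullets: "at anytime" should be "at any time", and "not being visible as a command-line interface to other local users" presumably means "command-line argument". The sentence "remains only in effect until a first instance is created or an existing instance authentication setting is modified" is the security-relevant caveat here and is easy to miss mid-bullet; consider making it its own sentence or note so operators do not assume --auth is a permanent control.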