forked from TrueCloudLab/frostfs-node
ca552f53c6
Malicious user can stole public session key and use it by sending request from it's own scope. To prevent this each session token is signed and signature private key must be corresponded with owner id in token. Therefore malicious node cannot impersonate request without private key to sign token. Signed-off-by: Alex Vanin <alexey@nspcc.ru> |
||
---|---|---|
.. | ||
core | ||
innerring | ||
local_object_storage | ||
morph | ||
network | ||
policy | ||
services | ||
util |