Updated Security Overview (markdown)

Chris Lu 2019-06-06 00:28:25 -07:00
parent 7c64c63c17
commit db83b78f2d

@ -55,4 +55,10 @@ JWT Summary:
* JWT is valid for 10 seconds.
* JWT only has permission to create/modify/delete one fileId.
* The volume server HTTP access is only for read, and only if the fileId is known. There are no way to iterate all files.
* All other volume server HTTP accesses are disabled when `jwt.signing` is enabled.
* All other volume server HTTP accesses are disabled when `jwt.signing` is enabled.
## JWT for Read Access Control
The volume server can also check JWT for reads. This mode does not work with `weed filer`. But this could be useful if the volume server is exposed to public and you do not want anyone to access it with a URL, e.g., paid content.
* To enable it, set the `jwt.signing.read.key` in `security.toml` file.
* To obtain a JWT for read, the JWT can be read from the response header `Authorization` of `http://<master>:<port>/dir/lookup?fileId=xxxxx&read=yes`.
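Review bot: The bullet "All other volume server HTTP accesses are disabled when `jwt.signing` is enabled." appears twice in a row in the JWT Summary list; drop the second copy. In the same list, "There are no way to iterate all files." should read "There is no way to iterate all files." In the new "JWT for Read Access Control" section, "exposed to public" should be "exposed to the public", and the section would benefit from one sentence stating that the master's `/dir/lookup?fileId=...&read=yes` endpoint is what hands out read tokens, so the master must only be reachable by trusted clients; otherwise any client that can reach the master can obtain a read JWT and the read gate on the volume server gives no protection. It would also help to state explicitly that a read request without a valid JWT is rejected once `jwt.signing.read.key` is set, and to note the token lifetime for read JWTs, since the summary above documents the 10-second lifetime only for write JWTs.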