
Determine how to best separate read and write functionality in PrivateBin
Closed, Resolved · Public

Description

As we look at PrivateBin for donor data delivery, we need to figure out how to separate the functionality for uploading data and read-only access. The intent is to have a publicly visible side that only allows reading of pastes while an internal service will allow the uploading of donor data.

This could be achieved by running two different processes using the same backing store. It could also be done with advanced proxy config that would restrict access to write functionality behind client-side certificates or other restrictions.

Explore the options and come up with a working config for this.

Event Timeline

I've done some more digging in on this. I think the best route will be to restrict access to any POST requests to set IP addresses. Going this route, we can eliminate convoluted config and maintaining separate installs and config trees for the read and read/write sides. I have tested the PBinCLI tool locally in a VM and it is functional and clear in its use. It would allow the creation of pastes from the civi host specifying the text, attachment, password, and expiry time.

There was some discussion about using client SSL certificates to allow access to posting, however this looks like it could cause issues with general use and create a fragile backend config. It is probably time better spent heading towards proper tooling and automation.

Dwisehaupt claimed this task.
Dwisehaupt moved this task from Up Next to Done on the fundraising-tech-ops board.

Using the nginx config is the way to go for now. Can open a new task if we need to shift from this.
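The nginx approach settled on in this task, limiting write requests to a set of IP addresses while leaving reads public, can be expressed with `limit_except`, which applies `allow`/`deny` rules to every method not in its list. The block below is an added illustration, not the configuration from this task or from the PrivateBin project; the hostname, document root, PHP-FPM socket and the `10.0.0.0/8` range standing in for the internal network are all placeholder assumptions.

```nginx
# Added example, not the task's own config. Placeholders: server_name, root,
# fastcgi_pass, and 10.0.0.0/8 as the internal range the civi host sits in.
server {
    listen 443 ssl;
    server_name privatebin.example.org;          # placeholder
    root /var/www/privatebin;                    # placeholder docroot
    index index.php;

    # ssl_certificate / ssl_certificate_key omitted; assumed to be set elsewhere.

    # Public side: anything other than GET/HEAD (i.e. the POST that creates a
    # paste) is only accepted from the internal range; everyone else gets 403.
    location / {
        limit_except GET HEAD {
            allow 10.0.0.0/8;                    # placeholder internal network
            allow 127.0.0.1;
            deny  all;
        }
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # A client can POST straight to /index.php and bypass the "/" location,
    # so the same restriction is repeated where PHP is actually executed.
    location ~ \.php$ {
        limit_except GET HEAD {
            allow 10.0.0.0/8;                    # placeholder internal network
            allow 127.0.0.1;
            deny  all;
        }
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock; # placeholder socket
    }

    # PrivateBin keeps data and config under the docroot; never serve them.
    location ~ ^/(data|cfg|lib|tpl|vendor|tst)/ {
        deny all;
    }
}
```

Two things to check after deploying a config like this. First, the access rules key on `$remote_addr`, so if nginx sits behind another proxy or load balancer the address it sees is the proxy's, and every client would appear internal (or none would); in that case `set_real_ip_from`/`real_ip_header` must be configured for the trusted proxy only, otherwise a spoofed `X-Forwarded-For` header would let an outside client claim an internal address. Second, verify both paths: a POST to `/` and a POST to `/index.php` from an external address should both return 403 in the access log, while GET requests for an existing paste still succeed, and the PBinCLI upload from the internal host still works.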