Comments (2)
Thank you for opening this issue so this can be discussed. I personally perceive a security issue with this approach - the security of my business.
Point 2 I understand, and it does not allow new projects to connect to GitHub, so I will focus on point 1 with regard to my comments: "you are the org admin that installed the github app".
I am writing these comments from the perspective of the Org Owner. I will call the admin who added the Nhost github app to my Org the "Nhost admin".
I see the following security concerns with the current approach:
- There is no way for me or my team to go to the Nhost app and identify the Nhost admin whom my team needs to contact to connect a repo to an Nhost project
- If the Nhost admin were to become unexpectedly unavailable:
  - In the immediate, new projects for my consulting business are put on hold as I cannot set up new Nhost projects
  - As I understand it, Nhost requires the current Nhost admin's permission to switch to a new Nhost admin, therefore, in the long run, new projects for my consulting business are put on hold, thus essentially shutting down my business
- Being the Owner of the Org grants no privileges in the Nhost app - this ignores the meaning of Owner and elevates the sole Nhost admin above the Owner, putting future business in the control of someone who does not have claim to that responsibility; this essentially gives the Nhost admin veto power over the Owner
Proposed short term solutions:
- List who the Nhost admin is so that everyone in the Org knows whom to work with to set up Nhost projects
- Before the Nhost app can be added to GitHub, require the Owner to acknowledge your two security policies listed above so they know what they are signing up for and so they choose very carefully who their Nhost admin is
- Create a Guide/Documentation that clearly states these two security policies that you have listed above so that when this confusion arises, there is documentation to clarify the situation
Before proposing long term solutions, a few points:
- GitHub has Owner and Admin roles and grants access and privileges based on these roles. They are, by definition, inherently trusted by GitHub to administer repos.
- Nhost has two roles for Workspaces: Owner and Member. Owner, I believe, always has full privileges for the Workspace.
I propose the following long term solution:
- Repo access is granted by the Nhost app if the Owner of the Workspace is also the Owner of the GitHub Org
This one security change addresses concerns 1-3 above.
Additionally, I propose for consideration:
- Repo access is granted by the Nhost app if the Member (or Owner) of the Workspace is also a GitHub Admin of the Repo
The reason for this security change is it makes it much easier for the Owner to reason about who has true Admin privileges for a repo and it allows quick demotion of privileges on the Nhost side (which is an important aspect of security).
In other words, if the Nhost app were to rely on and trust the GitHub Admin role to determine privilege to connect to an Nhost project, the Owner can easily revoke that privilege simply by demoting the current Nhost admin in GitHub. Under the current security policies, to demote the current Nhost admin requires:
- The current Nhost admin being willing to give permission to Nhost to be demoted (i.e., change to a new Nhost admin)
- The new Nhost admin must be involved in the process with Nhost
- Nhost themselves must make the change manually (which may take hours or even days), thus extending the window over which a "demoted" Nhost admin still has privileges
Thanks for considering these points. :)
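The difference between the two policies discussed in the comment above, written out as an added example that is not Nhost's code: the first function models the current single-admin policy, the second models the proposed rules derived from GitHub roles, and `demotion_scenario` shows what happens to the installing admin's access after the Org Owner demotes them on GitHub. All names, roles and the data structures are constructed assumptions for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class GitHubState:
    """Constructed sample of who holds which GitHub role."""
    org_owners: set = field(default_factory=set)
    repo_admins: dict = field(default_factory=dict)  # repo name -> set of admins


@dataclass
class NhostState:
    """Constructed sample of Workspace roles plus the single installing admin."""
    workspace_owners: set = field(default_factory=set)
    workspace_members: set = field(default_factory=set)
    nhost_admin: str = ""  # the one user who installed the GitHub app


def can_connect_current(user, gh, nh):
    """Current policy as described in the thread: only the installing admin.
    GitHub roles are ignored, so demotion on GitHub changes nothing here."""
    return user == nh.nhost_admin


def can_connect_proposed(user, repo, gh, nh):
    """Proposed policy: a Workspace Owner who is also GitHub Org Owner, or a
    Workspace member/owner who is a GitHub admin of the specific repo."""
    in_workspace = user in nh.workspace_owners or user in nh.workspace_members
    org_owner_rule = user in nh.workspace_owners and user in gh.org_owners
    repo_admin_rule = in_workspace and user in gh.repo_admins.get(repo, set())
    return org_owner_rule or repo_admin_rule


def demotion_scenario():
    """Returns (before, after) decisions for the installing admin 'alice'
    under (current, proposed) policy, around her demotion on GitHub."""
    gh = GitHubState(org_owners={"owner"}, repo_admins={"app": {"alice", "owner"}})
    nh = NhostState(workspace_owners={"owner"}, workspace_members={"alice"},
                    nhost_admin="alice")
    before = (can_connect_current("alice", gh, nh),
              can_connect_proposed("alice", "app", gh, nh))
    # The Org Owner removes alice's repo admin role on GitHub; Nhost is untouched.
    gh.repo_admins["app"].discard("alice")
    after = (can_connect_current("alice", gh, nh),
             can_connect_proposed("alice", "app", gh, nh))
    return before, after
```

Under the current policy the Org Owner still cannot connect a repo while the demoted admin still can; under the proposed policy the revocation takes effect as soon as GitHub's role changes.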
> As I understand it, Nhost requires the current Nhost admin's permission to switch to a new Nhost admin, therefore, in the long run, new projects for my consulting business are put on hold, thus essentially shutting down my business
It is mostly treated on a case by case basis and usually handled quickly to avoid disruption.
Re the rest, thanks for the ideas. We will evaluate them and see how to move forward.