I looked at this PR and I have two questions: 1. Should we put the auth key in the http header `Authorization`? which is more standard 2. If the authentication fails, it should return 401 directly, and for security reasons, it should not return the specific error reason
Thanks, Ming Wen, Apache APISIX Twitter: _WenMing YuanSheng Wang <[email protected]> 于2020年2月27日周四 下午9:31写道: > I submit a PR right now[1] . ^_^ > > [1] https://github.com/apache/incubator-apisix/pull/1169 > > > > On Thu, Feb 27, 2020 at 8:47 PM YuanSheng Wang <[email protected]> wrote: > > > > > > > On Thu, Feb 27, 2020 at 8:28 PM Ming Wen <[email protected]> wrote: > > > >> I think we can add support for https at the same time. I wil do it. > >> > > > > that is great ^_^ > > > > > > > >> > >> Thanks, > >> Ming Wen, Apache APISIX > >> Twitter: _WenMing > >> > >> > >> Zhiyuan Ju <[email protected]> 于2020年2月27日周四 下午7:30写道: > >> > >> > It's a good idea and can be landed on Dashboard quickly. > >> > > >> > Best Regards! > >> > @ Zhiyuan Ju <https://www.shaoyaoju.org/> > >> > > >> > > >> > doggieと杨 <[email protected]> 于2020年2月27日周四 下午7:02写道: > >> > > >> > > this is a good way. > >> > > > >> > > > >> > > > >> > > > >> > > ------------------ 原始邮件 ------------------ > >> > > 发件人: "YuanSheng Wang"<[email protected]>; > >> > > 发送时间: 2020年2月27日(星期四) 晚上6:58 > >> > > 收件人: "[email protected]"<[email protected]>; > >> > > > >> > > 主题: [Discussion] Add a key-based authentication to the > dashboard > >> > > > >> > > > >> > > > >> > > Hi: > >> > > > >> > > After the Apache APISIX instance is started, the current Admin API > >> does > >> > not > >> > > have any authentication verification mechanism, which is very > insecure > >> > for > >> > > users. > >> > > > >> > > I recommend adding a simple KEY token authentication to the Admin > API. > >> > > > >> > > For example, specifying a whitelist of allowed tokens directly in > >> > > `conf/config.yaml` might be an easy way. > >> > > > >> > > > >> > > > >> > > -- > >> > > *MembPhis* > >> > > My github: https://github.com/membphis > >> > > Apache APISIX: https://github.com/apache/incubator-apisix > >> > > >> > > > > > > -- > > > > *MembPhis* > > My github: https://github.com/membphis > > Apache APISIX: https://github.com/apache/incubator-apisix > > > > > -- > > *MembPhis* > My github: https://github.com/membphis > Apache APISIX: https://github.com/apache/incubator-apisix >
