Fix: Password-protected shared links were accessible without a password#76
Open
AmeerDlshad wants to merge 9 commits into
Open
Fix: Password-protected shared links were accessible without a password#76AmeerDlshad wants to merge 9 commits into
AmeerDlshad wants to merge 9 commits into
Conversation
No luck so far, time to move on.
define enums for Resolution, Prefix and Field. We have been running vince in production successfully for a while. These symbols were written by hand. This commit moves all hand written enums to protobuf. NOTE: this breacks compatibility with previos versions of vince because database keys will change.
Assigning domain as part of key is redundant and will result in bloating keyspace. We should store domain like any other fields and use mutex filter during search.
* store resolution in columns Remove timestamp resolution from keyspace. Initially I designed vince storage to be immutable.We don't need this guarantee anymore, we should be able to delete records to free up space. This commit introduces minute,hour,day,week and month fields which stores truncated timestamps to respective resolution. This simplifies queries since search will be perfomed on truncated fields. * add missing month column
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Overview
This pull request fixes a critical issue where password-protected shared links could be accessed without being prompted for a password.
What Was Happening
Even when a shared link was configured with a password, users were never asked to enter it. As a result, anyone with the link could access the content bypassing the intended security.
What’s Fixed
Testing
Notes
This restores the intended behavior for password-protected links.