minio

Commit Graph

Author	SHA1	Message	Date
Bala FA	32c6b62932	move credentials as separate package (#5115 )	7 years ago
Harshavardhana	f8024cadbb	[security] rpc: Do not transfer access/secret key. (#4857 ) This is an improvement upon existing implementation by avoiding transfer of access and secret keys over the network. This change only exchanges JWT tokens generated by an rpc client. Even if the JWT can be traced over the network on a non-TLS connection, this change makes sure that we never really expose the secret key over the network.	7 years ago
Harshavardhana	d864e00e24	posix: Deprecate custom removeAll/mkdirAll implementations. (#4808 ) Since go1.8 os.RemoveAll and os.MkdirAll both support long path names i.e UNC path on windows. The code we are carrying was directly borrowed from `pkg/os` package and doesn't need to be in our repo anymore. As a side affect this also addresses our codecoverage issue. Refer #4658	7 years ago
ebozduman	0f401b67ad	Removes max limit requirement on accessKey and secretKey length (#4730 )	7 years ago
Brendan Ashworth	ec5293ce29	jwt,browser: allow short-expiry tokens for GETs (#4684 ) This commit fixes a potential security issue, whereby a full-access token to the server would be available in the GET URL of a download request. This fixes that issue by introducing short-expiry tokens, which are only valid for one minute, and are regenerated for every download request. This commit specifically introduces the short-lived tokens, adds tests for the tokens, adds an RPC call for generating a token given a full-access token, updates the browser to use the new tokens for requests where the token is passed as a GET parameter, and adds some tests with the new temporary tokens. Refs: https://github.com/minio/minio/pull/4673	7 years ago
poornas	18c4e5d357	Enable browser support for gateway (#4425 )	7 years ago
Bala FA	21d73a3eef	Simplify credential usage. (#3893 )	8 years ago
Harshavardhana	85f2b74cfd	jwt: Cache the bcrypt password hash. (#3526 ) Creds don't require secretKeyHash to be calculated everytime, cache it instead and re-use. This is an optimization for bcrypt. Relevant results from the benchmark done locally, negative value means improvement in this scenario. ``` benchmark old ns/op new ns/op delta BenchmarkAuthenticateNode-4 160590992 80125647 -50.11% BenchmarkAuthenticateWeb-4 160556692 80432144 -49.90% benchmark old allocs new allocs delta BenchmarkAuthenticateNode-4 87 75 -13.79% BenchmarkAuthenticateWeb-4 87 75 -13.79% benchmark old bytes new bytes delta BenchmarkAuthenticateNode-4 15222 9785 -35.72% BenchmarkAuthenticateWeb-4 15222 9785 -35.72% ```	8 years ago
Harshavardhana	62f8343879	Add constants for commonly used values. (#3588 ) This is a consolidation effort, avoiding usage of naked strings in codebase. Whenever possible use constants which can be repurposed elsewhere. This also fixes `goconst ./...` reported issues.	8 years ago
Bala FA	ee0172dfe4	Have simpler JWT authentication. (#3501 )	8 years ago

10 Commits (98d07210e7b9a3ecd7dd6f607f8e3aec856bbf67)