Comments (1)
nick-funk
commented on August 21, 2024
Putting the admin UI behind a VPN will unfortunately not add any security to your setup.
Both the admin and client speak to the graphql API which must remain public. Even if the Admin UI is hidden behind a VPN, all of the admin API functions in graphql would still be public as the API must remain public for the stream to function. As well, the stream has moderation actions that can be performed while a mod/admin is logged in stream side, so the public stream, has to have API access to moderation abilities, which again, must be public.
The most common attack vector for Coral is not the admin UI, but the API itself. We would have to refactor the entire Coral monolith into two separate graphql API endpoints to truly create the security blanket you are wanting. That would take an incredible amount of work, and it is far easier for us to just have a public graphql API and perform thorough pen tests (which we do regularly) to ensure that none of Coral is vulnerable to attack instead of trying to rely on a VPN to protect the data.
I hope that answers why Coral is architected the way it is and why we can't put the admin behind a VPN.
from talk.
Related Issues (20)
- Client Theme Builder GUI HOT 1
- Moderation is broken with 8.6.0 HOT 4
- GDPR - actively clean up rejected comments older than 1 year HOT 4
- DSA Anonymous Reporting HOT 7
- Errors that seem to have no effect HOT 1
- INTERNAL_ERROR: Text record must only set "authSource" or "replicaSet"` HOT 1
- Support for Hostnames without TLD in "Site permitted domains" HOT 2
- OpenID Connect HTTP Callback Url HOT 3
- Adding unnecessary padding when trying to render commenting thread in a modal HOT 5
- Error while upgrading from 7.3.0 to 8.0.0 HOT 8
- Finnish translation: Notification email footer issues HOT 3
- Expand visible dashboard data to weekly/monthly HOT 1
- Story cache - DATA_CACHING_NOT_AVAILABLE HOT 6
- Option to close sitewide commenting for a specific time (ie. from midnight to 6 am.) HOT 3
- connect to a serverless MongoDB cluster. HOT 1
- Commenting Username Bug HOT 1
- Can't able to render the coral thread in a modal if we have multiple action items on a page for opening modal. HOT 1
- Perspective Filter Toxicity HOT 3
- Comment Activity Email/Notification HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from talk.