starred/acme-dns
1
0
Fork 0
mirror of https://github.com/acme-dns/acme-dns.git synced 2026-04-27 12:55:48 +03:00
Code Issues 178 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #23] Handling registration requests with broken/incomplete JSON payload #5

New issue
Closed
opened 2026-03-13 15:19:35 +03:00 by kerem · 4 comments
kerem commented 2026-03-13 15:19:35 +03:00
Owner
Copy link

Originally created by @joohoi on GitHub (Nov 15, 2017).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/23

To continue from discussion started here:
https://github.com/joohoi/acme-dns/pull/20#discussion_r150984732

ping @koesie10

Which approach would be the intuitive and appropriate if broken or incomplete JSON object (or whatever payload) is sent to registration endpoint:

  1. acme-dns should return error, like 400 Bad Request with descriptive error message.
  2. Registration should complete with default values, and return these to the user.

Previously I felt that the second one would be the correct approach, but now I'm starting to lean towards the first one.

Originally created by @joohoi on GitHub (Nov 15, 2017). Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/23 To continue from discussion started here: https://github.com/joohoi/acme-dns/pull/20#discussion_r150984732 ping @koesie10 Which approach would be the intuitive and appropriate if broken or incomplete JSON object (or whatever payload) is sent to registration endpoint: 1) acme-dns should return error, like `400 Bad Request` with descriptive error message. 2) Registration should complete with default values, and return these to the user. Previously I felt that the second one would be the correct approach, but now I'm starting to lean towards the first one.
kerem closed this issue 2026-03-13 15:19:40 +03:00
kerem commented 2026-03-13 15:19:46 +03:00
Author
Owner
Copy link

@koesie10 commented on GitHub (Nov 15, 2017):

I would expect an error to be returned, as otherwise you would be opening yourself to security risks, such as allowing requests from all IPs. Of course, this is usually just an extra security measure, but in case your username and passwords are compromised, it is still an effective security measure that would be disabled without warning when you send an invalid JSON request.

<!-- gh-comment-id:344525975 --> @koesie10 commented on GitHub (Nov 15, 2017): I would expect an error to be returned, as otherwise you would be opening yourself to security risks, such as allowing requests from all IPs. Of course, this is usually just an extra security measure, but in case your username and passwords are compromised, it is still an effective security measure that would be disabled without warning when you send an invalid JSON request.
kerem commented 2026-03-13 15:19:51 +03:00
Author
Owner
Copy link

@joohoi commented on GitHub (Nov 15, 2017):

Yeah, that's the reasoning that makes me lean towards the second option too. I'll implement that.

<!-- gh-comment-id:344526320 --> @joohoi commented on GitHub (Nov 15, 2017): Yeah, that's the reasoning that makes me lean towards the second option too. I'll implement that.
kerem commented 2026-03-13 15:19:56 +03:00
Author
Owner
Copy link

@koesie10 commented on GitHub (Nov 15, 2017):

Great, thanks for the project! I'm using it in combination with my own Certbot hook to automate issuing and renewing domains without having to change anything on the server, like is required for the http-01 and tls-sni-01.

<!-- gh-comment-id:344528268 --> @koesie10 commented on GitHub (Nov 15, 2017): Great, thanks for the project! I'm using it in combination with [my own Certbot hook](https://github.com/koesie10/acme-dns-certbot-hook) to automate issuing and renewing domains without having to change anything on the server, like is required for the http-01 and tls-sni-01.
kerem commented 2026-03-13 15:20:01 +03:00
Author
Owner
Copy link

@joohoi commented on GitHub (Nov 15, 2017):

Nice to hear that it's useful for you! I'm actually also an active Certbot developer, so if there's anything I can do to improve either project, please let me know! If it's Certbot related, using issues on Certbot repo, obiviously though :)

<!-- gh-comment-id:344570825 --> @joohoi commented on GitHub (Nov 15, 2017): Nice to hear that it's useful for you! I'm actually also an active Certbot developer, so if there's anything I can do to improve either project, please let me know! If it's Certbot related, using issues on Certbot repo, obiviously though :)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
fix_dockerhub
dockerhub
readme2.0
goreleaser_action
refactoring
linter_update_config
update_deps_122
dependabot/go_modules/github.com/valyala/fasthttp-1.34.0
deps_bump
update_goreleaser
update_golint
deps_update
update_dockerfile
v2.0.2
v2.0.1
v2.0
v1.1
v1.0
v0.8
v0.7.2
v0.7.1
v0.7
v0.6
v0.5
v0.4
v0.3.2
v0.3.1
v0.3
v0.2
v0.1
Labels
Clear labels   
Documentation

   
Documentation

   
bug

   
enhancement

   
feature request

   
feature request

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
security

   
security

   
testing
No labels
Documentation
Documentation
bug
enhancement
feature request
feature request
help wanted
pull-request
question
security
security
testing
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/acme-dns#5
No description provided.