Hex
BattleMetrics
•Created by Hex on 4/16/2024 in #support-forum
Restrict API key creation
Without having the knowledge of how your infrastructure works, it's kind of hard to do so, but the lowest-hanging fruit to me would have seemed to be having an option in the role creation that allows a role to create an API key or not. That'd be my initial thoughts, but again, without a clearer picture it's hard to make suggestions.
17 replies
•Created by Hex on 4/16/2024 in #support-forum
Restrict API key creation
I'll definitely have to re-evaluate and look at how we can adopt a more secure way of working. I appreciate the response.
•Created by Hex on 4/16/2024 in #support-forum
Restrict API key creation
I can see your point, but I'm sure you can also see where I'm coming from. And for those, yes we do. But that's only a temporary phase till people grow into their full moderation capabilities. That still doesn't mean that, because we trust them within the confines of the website to use that information, we'd be comfortable with any of them building out tools which allow them to extract the entirety of the dataset we have; that should be a right only granted to very select individuals for very specific tasks, I feel like.
•Created by Hex on 4/16/2024 in #support-forum
Restrict API key creation
I'll be quite frank here but that does not seem secure in the least to be honest with you.
There are countless instances where you'd want people to have access to GDPR-protected information like IP addresses in the context of their responsibilities whilst using BM, but you by no means would ever want to grant them the ability to export said data through an API where it can be distributed without prior consent or used in contexts in which it shouldn't be.
It seems reckless not even having the minimum amount of safeguards granting the ability to restrict that through roles.