Details
-
Type:
Task
-
Status: Done
-
Priority:
(None)
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: None
-
Sprint:MEN Sprint 101
-
Story Points:3
-
Epic Link:
-
Backlog:yes
-
Days in progress:5
Description
We need a security mechanism for the snapshot endpoint in order for users not to abuse this endpoint by running this command from multiple devices simultaneously. Hence we need to limit the number of devices allowed to run this command simultaneously (perhaps only allow one device at any given time). Moreover, creating an image from snapshot should be considered a privileged command and may need special authentication for the device - for instance by explicitly accepting a snapshot request from the UI.
Acceptance criterion:
- Solve the concurrency issue of multiple devices trying to upload a snapshot simultaneously.
- Create a separate authentication mechanism to make the snapshot command privileged.
