From e5437560d2f30350370a1c96397716ac56a7398d Mon Sep 17 00:00:00 2001 From: Tom Clegg Date: Fri, 13 Sep 2019 16:26:51 -0400 Subject: [PATCH] 13647: Fix BlobSigning config comment. Arvados-DCO-1.1-Signed-off-by: Tom Clegg --- lib/config/config.default.yml | 12 +++--------- lib/config/generated_config.go | 12 +++--------- 2 files changed, 6 insertions(+), 18 deletions(-) diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml index a083094df4..523327d8cb 100644 --- a/lib/config/config.default.yml +++ b/lib/config/config.default.yml @@ -313,15 +313,9 @@ Clusters: MaxRequestLogParamsSize: 2000 Collections: - # Allow clients to create collections by providing a manifest with - # unsigned data blob locators. IMPORTANT: This effectively disables - # access controls for data stored in Keep: a client who knows a hash - # can write a manifest that references the hash, pass it to - # collections.create (which will create a permission link), use - # collections.get to obtain a signature for that data locator, and - # use that signed locator to retrieve the data from Keep. Therefore, - # do not turn this on if your users expect to keep data private from - # one another! + + # Enable access controls for data stored in Keep. This should + # always be set to true on a production cluster. BlobSigning: true # BlobSigningKey is a string of alphanumeric characters used to diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go index 117f189d9a..51fd385549 100644 --- a/lib/config/generated_config.go +++ b/lib/config/generated_config.go @@ -319,15 +319,9 @@ Clusters: MaxRequestLogParamsSize: 2000 Collections: - # Allow clients to create collections by providing a manifest with - # unsigned data blob locators. IMPORTANT: This effectively disables - # access controls for data stored in Keep: a client who knows a hash - # can write a manifest that references the hash, pass it to - # collections.create (which will create a permission link), use - # collections.get to obtain a signature for that data locator, and - # use that signed locator to retrieve the data from Keep. Therefore, - # do not turn this on if your users expect to keep data private from - # one another! + + # Enable access controls for data stored in Keep. This should + # always be set to true on a production cluster. BlobSigning: true # BlobSigningKey is a string of alphanumeric characters used to -- 2.30.2