Receiving HTTP post request from external API - Security concern

Question

I want a controller that receives a http post with  Name + Value data from SomeRandomServer.  This data is later written to a model.
IE An event occurs, SomeRandomServer sends a POST saying "event has occurred" and a field in a model is written to with "event has occurred".

How do I ensure that the data has actually came from SomeRandomServer and not an impersonator sending similar data? Normally with HTTP routes you can set the auth to user, but in this case the data is not coming from a user, but another api. So how would security be enforced? Can I restrict access to the route by some other means?

Fatih Piristine · Accepted Answer

how about you white-list the IP address of whatever server it is running on.
and/or create user for that model, make that api login and post.
to restrict others close it all other HTTP request ie. GET DELETE PUT so regular users won't see it. or give a redirect. only handle POST

相關帖文	回覆	瀏覽次數
How to show informations hierarchically in views ? odoo9 odoo10	0 7月 17	2711
So difficult to describe franchising situation in Odoo? odoo9 odoo10	0 3月 17	3084
Users reporting when the login it shows them as a different user security users odoo10	0 6月 25	2320
To show all stages in Kanban view 已解決 kanban odoo9 odoo10	3 12月 23	21594
Why does this security rule not work? (No matching record found for external id 'model_project_project') 已解決 security accessrules odoo9	3 4月 23	34413

此問題已被標幟

喜歡這則討論？不要只閱讀，加入發表意見吧！