Closed Bug 777133 Opened 12 years ago Closed 12 years ago

Create a solitude proxy

Categories

(Marketplace Graveyard :: Payments/Refunds, defect, P1)

x86
macOS
defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: andy+bugzilla, Unassigned)

References

Details

We need to have a proxy between solitude and Paypal, so that solitude doesn't actually communicate with Paypal directly; it calls the proxy. The proxy then adds in the headers and passes the requests on to Paypal, returning the responses to solitude.

The goal is that the paypal information is never in solitude, but only in this proxy.

The proxy will need to do the header auth, which for some APIs is almost (but not quite) the Paypal OAuth headers. For the get personal data APIs this is a bit trickier, which is why we are going for Python and not some custom nginx module. It also gives us more freedom to cope with whatever BlueVia needs.

Solitude will point at a server like: http://our.paypal.proxy.com/

And that server will point at https://paypal.com and do the HTTPS work.

Other notes:

- It would be nice if this was just an option in solitude to run with or without this, so devs don't need it.
- I don't think we need a separate code base for this; we can just run solitude with different flags to be the proxy.
- There are a few different API calls: ones that need auth, ones that do OAuth, and IPN calls, all of which need different headers.
Priority: -- → P1
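The shape described above (solitude sends an unauthenticated request to the proxy; the proxy, which is the only box holding the Paypal credentials, injects the auth headers and forwards upstream) as an added illustration, not code from the solitude project or from this bug. Assumptions: the upstream base URL is the https://paypal.com the description mentions, the credential header names follow the X-PAYPAL-SECURITY-* style and are assumed here for illustration, the path allowlist and environment variable names are hypothetical, and the transport is injectable so the module runs offline. The security-relevant details are that any credential headers the caller supplies are dropped rather than passed through, only allowlisted upstream paths are forwarded, and log output never contains the injected values.

```python
"""Credential-holding forwarding proxy: added example, not solitude's code."""
import os
from dataclasses import dataclass
from typing import Callable, Mapping, Optional, Tuple
from urllib.request import Request, urlopen

# Base URL the description says the proxy points at (assumption for the example).
UPSTREAM = "https://paypal.com"

# Header names assumed for illustration; whatever the real API wants, only the
# proxy box ever sees the values.
SECRET_HEADERS = (
    "X-PAYPAL-SECURITY-USERID",
    "X-PAYPAL-SECURITY-PASSWORD",
    "X-PAYPAL-SECURITY-SIGNATURE",
    "X-PAYPAL-APPLICATION-ID",
)
_SECRET_LOWER = {h.lower() for h in SECRET_HEADERS}

# Hypothetical allowlist of upstream paths solitude is permitted to reach.
ALLOWED_PREFIXES = ("/AdaptivePayments/",)


class ProxyError(Exception):
    """Raised when a request must not be forwarded."""


@dataclass(frozen=True)
class Credentials:
    userid: str
    password: str
    signature: str
    app_id: str

    @classmethod
    def from_env(cls, env: Mapping[str, str] = os.environ) -> "Credentials":
        # Hypothetical variable names; the point is they exist only on the proxy host.
        return cls(env["PAYPAL_USERID"], env["PAYPAL_PASSWORD"],
                   env["PAYPAL_SIGNATURE"], env["PAYPAL_APP_ID"])

    def headers(self) -> dict:
        return dict(zip(SECRET_HEADERS,
                        (self.userid, self.password, self.signature, self.app_id)))


def build_upstream_request(path: str, headers: Mapping[str, str], body: bytes,
                           creds: Credentials) -> Tuple[str, dict, bytes]:
    """Turn the request solitude sent into the one the proxy sends to Paypal.

    Refuses paths outside the allowlist, drops any credential headers the
    caller supplied (a compromised caller must not be able to substitute its
    own), drops hop-by-hop headers, then adds the real credentials.
    """
    if not path.startswith("/") or ".." in path or not path.startswith(ALLOWED_PREFIXES):
        raise ProxyError("path not allowed: %r" % path)
    clean = {k: v for k, v in headers.items()
             if k.lower() not in _SECRET_LOWER
             and k.lower() not in ("host", "content-length", "connection")}
    clean.update(creds.headers())
    return UPSTREAM + path, clean, body


def _https_send(url: str, headers: dict, body: bytes) -> Tuple[int, bytes]:
    # Real transport: the proxy does the HTTPS work to Paypal.
    req = Request(url, data=body, headers=headers, method="POST")
    with urlopen(req, timeout=30) as resp:
        return resp.status, resp.read()


def forward(path: str, headers: Mapping[str, str], body: bytes, creds: Credentials,
            send: Optional[Callable[[str, dict, bytes], Tuple[int, bytes]]] = None
            ) -> Tuple[int, bytes]:
    """Forward one request upstream and return (status, response body)."""
    url, up_headers, up_body = build_upstream_request(path, headers, body, creds)
    return (send or _https_send)(url, up_headers, up_body)


def redact_for_log(headers: Mapping[str, str]) -> dict:
    """Header set safe to write to the proxy's logs: secret values replaced."""
    return {k: ("<redacted>" if k.lower() in _SECRET_LOWER else v)
            for k, v in headers.items()}


if __name__ == "__main__":
    # Constructed sample run with a fake transport so nothing leaves the machine.
    creds = Credentials("user", "pass", "sig", "app")
    captured = {}

    def fake_send(url, headers, body):
        captured.update(url=url, headers=headers, body=body)
        return 200, b"responseEnvelope.ack=Success"

    # The caller tries to smuggle its own USERID header; the proxy discards it.
    status, resp = forward("/AdaptivePayments/Pay",
                           {"X-PAYPAL-SECURITY-USERID": "not-trusted",
                            "Content-Type": "application/x-www-form-urlencoded"},
                           b"actionType=PAY", creds, send=fake_send)
    print(status, resp, captured["url"], redact_for_log(captured["headers"]))
```

Running solitude "with or without the proxy" then amounts to choosing whether `UPSTREAM` is the proxy host or Paypal itself, with the credentials loaded only in the process that talks to Paypal.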
What protection does it afford us separating this information out from a server that will already be barricaded off pretty well?

If we do this then I am all for doing it in the same code base and running with flags, this makes it much simpler to make it so it works without the proxy running for developers.

I'd like to hear more about what sorts of attacks and such we are hoping to prevent with this setup before I stand behind doing it.
rforbes is the main man on this so I'll let him answer, but I think the answer is... It's just yet another layer: if you get into solitude you still don't actually know the paypal username and password; that's on yet another locked-down box.

For what it's worth, I plan on making solitude configurable for us developers so that it will work with or without the proxy, because it would be a pain for us to develop with the proxy.
https://github.com/mozilla/solitude/commit/a0f9a5
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
basically, there isn't one machine that can be compromised that would allow access to both the database of user data AND the paypal auth info.