Closed
Bug 819023
Opened 12 years ago
Closed 5 years ago
Implement way to disable API keys, rather than delete
Categories
(developer.mozilla.org Graveyard :: API, defect, P3)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: lorchard, Unassigned)
Details
(Whiteboard: [points=2])
Currently, the only way to prevent an API key from being used is to delete it. However, this also deletes all audit log entries along with the key record.
That's bad, because it leaves us no way to inspect what was done with the key after the fact. And, it makes it impossible to find what documents might have been affected (eg. for a mass-revert feature).
So, we need to make it hard to delete an API key (ie. from admin panel only), and instead add a "disabled" flag that makes the system no longer honor it for auth yet keep it around for forensics and recovery. Change the UI on the key management side to "disable" rather than "delete"
|
||
Updated•11 years ago
|
Component: General → API
Whiteboard: [triaged]
|
||
Updated•7 years ago
|
Priority: -- → P3
Whiteboard: [triaged] → [points=2]
|
||
Comment 1•5 years ago
|
||
MDN Web Docs' bug reporting has now moved to GitHub. From now on, please file content bugs at https://github.com/mdn/sprints/issues/ and platform bugs at https://github.com/mdn/kuma/issues/.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
|
|
||
Updated•5 years ago
|
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•