Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Static FL authentication: authenticated worker_id is not specific to model #5698

Closed
vvmnnnkv opened this issue Jul 16, 2020 · 3 comments
Closed

Static FL authentication: authenticated worker_id is not specific to model #5698

vvmnnnkv opened this issue Jul 16, 2020 · 3 comments
Assignees
@monuelo
Labels
0.2.x Relating to the 0.2.x code branch

Comments

@vvmnnnkv
Copy link
Member

Description

Static FL auth checks auth token against supplied model_name and model_version settings, and if token is valid issues worker_id.
Then, worker requests the cycle using worker_id and pygrid checks that such worker_id really exists (authenticated).
The problem is when requesting a cycle, worker may use ANY model_name, model_versions, including different ones than were validated in the auth request. Which means worker may get worker_id auth using unprotected model and then successfully request cycle of protected model.

How to Reproduce

See above.

Expected Behavior

Worker_id must work only for model that worker was authenticated against.

Screenshots

n/a

System Information

  • OS: [e.g. iOS]
  • OS Version: [e.g. 22]
  • Language Version: [e.g. Python 3.7, Node 10.18.1]
  • Package Manager Version: [e.g. Conda 4.6.1, NPM 6.14.1]
  • Browser (if applicable): [e.g. Google Chrome]
  • Browser Version (if applicable): [e.g. 81.0.4044.138]

Additional Context

Add any other context about the problem here.
@github-actions
Copy link

This issue has been marked stale because it has been open 30 days with no activity. Leave a comment or remove the stale label to unmark it. Otherwise, this will be closed in 7 days.

@vvmnnnkv
Copy link
Member Author

Note: suggested fix is to add new table for FLProcess-Worker authorization.
When worker successfully authenticates for given FL process, we add record to this table.
Then in cycle request, we should check if worker_id is authorized for requested FL process.

@IonesioJunior IonesioJunior transferred this issue from OpenMined/PyGrid-deprecated---see-PySyft- Jun 21, 2021
@IonesioJunior IonesioJunior added Priority: 2 - High 😰 Should be fixed as quickly as possible, ideally within the current or following sprint Severity: 3 - Medium 😒 Does not cause a failure, impair usability, or interfere with the system Type: Bug 🐛 Some functionality not working in the codebase as intended Grid Issues related to Pygrid project labels Jun 21, 2021
@madhavajay madhavajay added 0.2.x Relating to the 0.2.x code branch and removed Type: Bug 🐛 Some functionality not working in the codebase as intended Priority: 2 - High 😰 Should be fixed as quickly as possible, ideally within the current or following sprint Severity: 3 - Medium 😒 Does not cause a failure, impair usability, or interfere with the system Grid Issues related to Pygrid project labels Jun 8, 2022
@madhavajay
Copy link
Collaborator

0.2 is no longer supported.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@monuelo monuelo

Labels
0.2.x Relating to the 0.2.x code branch
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@madhavajay @vvmnnnkv @IonesioJunior @monuelo