[taler-docs] 25/36: document new auth policy

From: gnunet
Subject: [taler-docs] 25/36: document new auth policy
Date: Tue, 22 Jun 2021 19:35:21 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository docs.

commit 29c6de2b0a5c3cdf6528df7370eed13fc0f78f00
Author: Christian Grothoff <>
AuthorDate: Wed May 19 18:44:31 2021 +0200

    document new auth policy
 taler-merchant-manual.rst | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/taler-merchant-manual.rst b/taler-merchant-manual.rst
index 6782c7e..f8e2eb3 100644
--- a/taler-merchant-manual.rst
+++ b/taler-merchant-manual.rst
@@ -778,16 +778,17 @@ If everything worked as expected, the command
 .. code-block:: console
-   $ curl http://localhost:8888/
+   $ curl http://localhost:8888/config
-should return the message
+should return some basic configuration status data about the service.
-.. code-block:: none
+Please note that your backend is right now likely globally reachable.  You can 
-   Hello, I'm a merchant's Taler backend. This HTTP server is not for humans.
+  * Use the ``--auth=$TOKEN`` command-line option to set an access token to be 
provided in an ``Authorize: Bearer $TOKEN`` HTTP header. Note that this can be 
used at anytime to override access control, but remains only in effect until a 
first instance is created or an existing instance authentication setting is 
+  * Set the ``TALER_MERCHANT_TOKEN`` environment variable to ``$TOKEN`` for 
the same effect. This method has the advantage of ``$TOKEN`` not being visible 
as a command-line interface to other local users on the same machine.
+  * Set up an instance with an authentication token before some unauthorized 
person has a chance to access the backend.  As the backend is useless without 
any instance and the chances of remote attackers during the initial 
configuration is low, this is probably sufficient for most use-cases. Still, 
keep the first two scenarios in mind in case you ever forget your access token!
-Please note that your backend is right now likely globally reachable.
-Production systems should be configured to bind to a UNIX domain socket
+Production systems should additionally be configured to bind to a UNIX domain 
 and use TLS for improved network privacy, see :ref:`Secure setup 
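
Review bot: The header name in the first added bullet is wrong: the HTTP request header that carries a bearer token is ``Authorization`` (RFC 6750), so ``Authorize: Bearer $TOKEN`` should read ``Authorization: Bearer $TOKEN``. A reader who copies the text as written will send a header with a different name. Two wording points in the same list: "at anytime" should be "at any time", and in the ``TALER_MERCHANT_TOKEN`` bullet "visible as a command-line interface" presumably means "visible as a command-line argument". The third bullet accepts an unauthenticated window on a backend the same paragraph calls globally reachable, so it would help to say explicitly that one of the first two options is preferred whenever the host is reachable from untrusted networks during initial setup.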
