hi,
Iam currently implementing an pshb consumer. I have a
question to the "Content Distribution". If the hub sends
new entries to my callback I take this entries but have
no chance to verify whether they come from an valid
hub or malicious user. Ok I can specify a hub.secret wich
solves this problem but is there any other way to
protect the consumer?
I come up with this solution ... if a user subscribe to a
new topic the consumer discovers the hub domain and resolves
the IP address via DNS. The consumer saves the IP address
and if the hub is requesting the callback to make "Content Distribution"
the consumer can check whether the IP (REMOTE_ADDR)
is in the table of subscribed topics (this implies that the hub
doesnt change his IP).
If you have any ideas or other solutions please let me know
regards
k42b3
