There is an authorize(other: Principal) function to add other principals but no deauthorize(principal: Principal) function which removes authorized principals. We would love to be able to have this functionality in the certified asset canister because we are building a DAO product where somebody could put their asset canister under control of the DAO.
One potential problem with this is that if somebody who is malicious gains control of an authorized principal, the deauthorize function could be used to lock everybody else out and upload a malicious frontend. Without a deauthorize function, however, somebody malicious could always spam the canister with a malicious frontend without someone stopping him/her.
My proposed solution would be to add a deauthorize function while making it so that the controllers of the canister are always authorized (they could wipe the canister and reupload anyways). This way somebody could hand over control to a DAO simply by changing the controller just like it normally works for other canisters.
I wouldn't mind making a pull request for this, but first I wanted to check if you would be open to the idea.
I believe we should split deauthorize and controllers check into separate features. I think having deauthorize makes total sense, but not everyone might like fetching controllers in every update call.
No, that makes sense. Is an update call to the management canister as slow as a normal update call? I thought it might be faster because of this part in the Internet Computer specification:
"The IC management canister is just a facade; it does not actually exist as a canister (with isolated state, Wasm code, etc.)."
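The access-control semantics proposed in the issue (a deauthorize call, with the canister's controllers implicitly authorized) and the maintainer's suggestion to keep the controller check optional, as an added stand-alone model that is not the asset canister's own code. Principals are plain strings and the controller list is passed in by the caller instead of being fetched from the management canister; both are assumptions made to keep the model runnable offline.

```rust
use std::collections::BTreeSet;

/// Constructed stand-in for candid::Principal.
pub type Principal = String;

/// Authorization state of the modelled asset canister.
#[derive(Default)]
pub struct AuthState {
    pub authorized: BTreeSet<Principal>,
    /// Separate feature flag, as the maintainer suggests: when false, no
    /// controller lookup is needed on update calls.
    pub controllers_always_authorized: bool,
}

impl AuthState {
    /// `controllers` stands in for the result of a canister_status call.
    pub fn is_authorized(&self, caller: &str, controllers: &[Principal]) -> bool {
        self.authorized.contains(caller)
            || (self.controllers_always_authorized
                && controllers.iter().any(|c| c.as_str() == caller))
    }

    pub fn authorize(&mut self, caller: &str, ctl: &[Principal], other: Principal) -> Result<(), String> {
        if !self.is_authorized(caller, ctl) {
            return Err(format!("{caller} is not authorized"));
        }
        self.authorized.insert(other);
        Ok(())
    }

    /// The proposed new call: removes a principal from the authorized set.
    pub fn deauthorize(&mut self, caller: &str, ctl: &[Principal], other: &str) -> Result<(), String> {
        if !self.is_authorized(caller, ctl) {
            return Err(format!("{caller} is not authorized"));
        }
        self.authorized.remove(other);
        Ok(())
    }
}

/// Lock-out scenario from the issue: a compromised authorized principal
/// deauthorizes the owner. Returns (owner still authorized, controller still authorized).
pub fn lockout_scenario(controllers_always_authorized: bool) -> (bool, bool) {
    let ctl = vec!["controller".to_string()]; // constructed controller list
    let mut st = AuthState { controllers_always_authorized, ..Default::default() };
    st.authorized.insert("owner".into());
    st.authorized.insert("compromised".into());
    st.deauthorize("compromised", &ctl, "owner").expect("compromised key is authorized");
    (st.is_authorized("owner", &ctl), st.is_authorized("controller", &ctl))
}
```

With the controller check enabled the controller keeps access after the lock-out and can recover the canister; with it disabled, only the compromised principal remains.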