Diffstat (limited to 'taler-merchant-manual.rst')
-rw-r--r-- taler-merchant-manual.rst | 6
1 files changed, 6 insertions, 0 deletions
diff --git a/taler-merchant-manual.rst b/taler-merchant-manual.rst
index 1cc59261..4a9fd7a5 100644
--- a/taler-merchant-manual.rst
+++ b/taler-merchant-manual.rst
@@ -773,6 +773,12 @@ similar to the ``root`` account on UNIX.
The following documentation shows how to handle any instance, so you should read
it twice, first creating the ``default`` instance, then creating normal ones.
+.. note::
+ A security concern is that instance existence is leaked by normal API usage.
+ This means unauthorized users can distinguish between the case where the
+ instance does not exist (HTTP 404) and the case where access is denied
+ (HTTP 403).
+
KUDOS Accounts
--------------
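Review bot: The added ``.. note::`` names the leak but stops short of telling the operator what to do about it. As written, a reader learns that HTTP 404 versus HTTP 403 reveals whether an instance exists, but not whether this is accepted behaviour or something they are expected to compensate for. Consider adding one sentence of guidance, for example that instance identifiers should be treated as public and should not encode confidential information. "Unauthorized users" is also ambiguous here: if the point is that any client without valid credentials for the instance can make the distinction, saying so explicitly would make the scope of the exposure clearer.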