commit 4e6ce2b0d6d9d4b665917d602b32389b530b4694
parent e81893d4d2b0de9482b6a45f441d89ee6081d96d
Author: Joel-Haeberli <haebu@rubigen.ch>
Date: Thu, 6 Jun 2024 10:35:30 +0200
docs: improve title
Diffstat:
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/content/implementation/d-security.tex b/docs/content/implementation/d-security.tex
@@ -103,6 +103,6 @@ The wire gateway specifies a basic authentication scheme \cite{taler-wire-gatewa
A provider may want to register a new Terminal or maybe even a new provider shall be registered for the exchange. To make this step easier for the exchange operators, a simple cli program (command line interface) was implemented (\autoref{sec-implementation-cli}). The cli will either ask for a password or generate an access token in case of the terminal registration. The credentials are stored has hashes using a PBKDF (password based key derivation function) so that even if the database leaks, the credentials cannot be easily read by an attacker.
-\subsection{Deactivating Terminals}
+\subsection{Hijacking And Stealing Terminals}
A Terminal can be stolen, hijacked or hacked by malicious actors. Therefore it must be possible to disable a terminal immediately and no longer allow withdrawals using this terminal. Therefore the \textit{active} flag can be set to \textit{false} for a registered terminal. The Terminals-API which processes withdrawals and authenticates terminals, checks that the requesting terminal is active and is allowed to initiate withdrawals. Since the check for the \textit{active} flag must be done for each request of a terminal, the check can be centralized and is implemented as part of the authentication flow. A Wallee terminal can be deactivated using the cli mentioned in \autoref{sec-security-registering-providers}.
diff --git a/docs/thesis.pdf b/docs/thesis.pdf
Binary files differ.
