Currently, GitHub gates validate incoming payloads when and only when:
- the gate is declared in credentials.json
- a secret is given
In all other case, you can flood the server with payloads for unknown doors.
This could or could not be an issue depending of the configuration:
- if the notifications center is on an internal network to communicate only between hosted tools, it's fairly safe
- if the notifications center must accept payloads from services like Docker Hub or GitHub, we should provide antiflood protection
Each service could get one or more key (to allow several sources to target the same gate/door). Constraints should be by gate and door.
For example we could have:
|01553806-e809-11e6-a54c-0050560043af||*||*||payloads from any service for any project|
|01553807-e809-11e6-a54c-0050560043af||GitHub||*||payloads from GitHub for any project|
|01553808-e809-11e6-a54c-0050560043af||GitHub||Nasqueron||payloads from GitHub for Nasqueron|
|01553809-e809-11e6-a54c-0050560043af||*||Nasqueron||payloads from any service for Nasqueron project|