I have an Adobe I/O Runtime action that is configured as web:no (non-web action) to consume events from the Journaling API via a scheduled job. The scheduler fails if I use require-adobe-auth:true. It only works if I explicitly set the annotation to false. Since the action has no public URL, it's secured by the namespace credentials. My main question is: Is there any potential security risk or vulnerability introduced by explicitly setting require-adobe-auth: false on an action that is already web: no?
Thanks,
Ayush
Topics
Topics help categorize Community content and increase your ability to discover relevant content.
My main question is: Is there any potential security risk or vulnerability introduced by explicitly setting require-adobe-auth: false on an action that is already web: no?
No there is no security risk when you set it to false. With journaling you are anyways pulling data from Adobe and not the other way round.
