ec3ba88459
migration 017 adds machine_id to agents table middleware validates X-Machine-ID header on authed routes agent client sends machine ID with requests MIN_AGENT_VERSION config defaults 0.1.22 version utils added for comparison blocks config copying attacks via hardware fingerprint old agents get 426 upgrade required breaking: <0.1.22 agents rejected
12 lines
520 B
SQL
12 lines
520 B
SQL
-- Add machine_id column to agents table for hardware fingerprint binding
|
|
-- This prevents config file copying attacks by validating hardware identity
|
|
|
|
ALTER TABLE agents
|
|
ADD COLUMN machine_id VARCHAR(64);
|
|
|
|
-- Create unique index to prevent duplicate machine IDs
|
|
CREATE UNIQUE INDEX idx_agents_machine_id ON agents(machine_id) WHERE machine_id IS NOT NULL;
|
|
|
|
-- Add comment for documentation
|
|
COMMENT ON COLUMN agents.machine_id IS 'SHA-256 hash of hardware fingerprint (prevents agent impersonation via config copying)';
|