-
### Contact Details
itsmefab
### What happened?
Stress testing the websocket with around 500 connections at the same time brings down the websocket, I guess.
Don't want to do more testing. Maybe sor…
-
So as to prevent unauthorized access
Could probably implement a token/key system
-
**What?**
Currently the server API provides endpoints that are publicly available to users without authentication. This is a requirement as most of the apps we use do not enforce login, however it …
-
Currently the env APP_URL is getting exposed directly on the client side because webpack adds it to the bundle. This is an issue because it exposes information about internal infrastructure and even the t…
-
Implement API call security to internal services only
-
The Reddit data inputted from the admin dashboard should be encrypted (Username, password, client id, etc) or authenticate via OAUTH instead. (Not sure if you are limited when using OAUTH)
DNYLA updated
2 years ago
-
The tutorial for the Project [PhotoGallery](https://github.com/eucalypto/learn/issues/19) told me to create my own Flickr API key; and to use it directly in the source code.
But since I'm pushing i…
-
Originally reported on Google Code with ID 994
```
A suggestion from the bigbluebutton-dev list from Steve Clay for the API security model:
* SHA1(msg + key) is not a well-trusted mechanism for gene…
```
-
How would you go about preventing the internal APIs from getting accessed directly without routing requests through the API gateway?
We would like to enforce all requests to go through the api gatew…
-
If you create a security policy that only includes dimension fields, but not any measure fields, it:
1. Makes a `/timeseries` request, which fails because there are no measure names
2. Makes `/aggre…