Authentication/authorization/user management?

ADAH-EviDENce / evidence

doc2vec-based assisted close reading with support for abstract concept-based search and context-based search

GNU General Public License v3.0

3 stars 1 forks source link

Authentication/authorization/user management? #39

Open sverhoeven opened 4 years ago

sverhoeven commented 4 years ago

Anybody can do curl -XPOST http://<some domain on internet>:8080/users -d 'me' to get an account.
Anybody can pick an existing username and see the data associated with that account.
No password is needed to authenticate, just pick a username
Easy to share results by just logging in as same user

I would not like to run this service on the Internet, as is.

Are these features acceptable for others?

meiertgrootes commented 4 years ago

This is indeed an issue. the idea was, that as long as the system was running locally, i.e. brought up by a user on on their own machine, the risk, while present, wasn't very large. Accordingly, due to a lack of time, this was pushed back in priority. Those instances of the Gui that were exposed to the internet during the workshop were placed behind a password protection. I don't know the details of the choices made there, as this was done and hosted via knaw-huc.

cwmeijer commented 4 years ago

We won't host it for the coming milestone so this is not an issue right now. User shouldnt host it to the internet.