ANUSF / ADAUsers

The ADA user management server.
MIT License

Restrict JSON API to authorised clients #50

Closed odf closed 12 years ago

odf commented 13 years ago

We need to protect ADA user data from unauthorised access. What's a good way of doing this? The simplest one I can think of is restricting access to a certain range of IP addresses, but that could be a teensy bit inflexible. We might also do something more elaborate like set a session token in a cookie restricted to the ada.edu.au domain whenever a user logs in and use that together with information the client app would have received via OpenID to compute an access key.

Maybe run this through Steve M. and Nick?

RohanM commented 13 years ago

A simple option would be to use an API key. Let's talk about it at the stand-up.

RohanM commented 13 years ago

Implemented on ADAUsers in api_key branch, will merge and deploy when ADAPT and the CMS are ready.
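An added example of the API-key approach RohanM settled on, combined with the optional per-client IP restriction odf first proposed. This is illustrative code written for this thread, not the contents of ADAUsers' api_key branch; it assumes a Rack-style `call(env)` interface, a hypothetical `X-Api-Key` request header, and constructed client keys and address ranges.

```ruby
require 'digest'
require 'ipaddr'

# Rack-style guard (hypothetical, not ADAUsers' own code): every JSON API
# request must carry a known client API key; a client may additionally be
# pinned to one or more source networks.
class ApiKeyGuard
  # clients: { 'name' => { key: 'secret', networks: ['10.0.0.0/8'] } }
  def initialize(app, clients, header: 'HTTP_X_API_KEY')
    @app = app
    @header = header
    # Store digests, not raw keys, so a leaked config dump is less useful.
    @clients = clients.transform_values do |c|
      { key_digest: Digest::SHA256.digest(c[:key]),
        networks: Array(c[:networks]).map { |n| IPAddr.new(n) } }
    end
  end

  def call(env)
    client = authenticate(env[@header], env['REMOTE_ADDR'])
    unless client
      return [401, { 'Content-Type' => 'application/json' },
              ['{"error":"unauthorised"}']]
    end
    env['ada.client'] = client   # hypothetical key for downstream handlers
    @app.call(env)
  end

  # Returns the matching client name, or nil. Every client is checked so the
  # response time does not reveal which keys exist.
  def authenticate(presented, remote_ip)
    return nil if presented.nil? || presented.empty?
    digest = Digest::SHA256.digest(presented)
    found = nil
    @clients.each do |name, c|
      match = secure_equal?(digest, c[:key_digest])
      found = name if match && ip_allowed?(c[:networks], remote_ip)
    end
    found
  end

  private

  def ip_allowed?(networks, remote_ip)
    return true if networks.empty?   # no IP restriction for this client
    addr = IPAddr.new(remote_ip.to_s)
    networks.any? { |n| n.include?(addr) }
  rescue IPAddr::InvalidAddressError
    false
  end

  # Constant-time comparison of two equal-length digests.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

A client without a `networks` entry is accepted from any address, so the IP pin is an extra layer for clients with a fixed origin, not a replacement for the key.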