Neseek77 / openmeetings

Automatically exported from code.google.com/p/openmeetings

Implement Grant Levels for Hash's #1542

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Goal is to make the SOAP/REST Requests more secure from an 
Administration/Server point of view.

Therefore hashes need to be extended with Grant-Operations for methods they have 
access to, and it has to be a one-time or multiple-times "grant".

Original issue reported on code.google.com by seba.wag...@gmail.com on 12 Oct 2011 at 10:40

GoogleCodeExporter commented 9 years ago

Original comment by seba.wag...@gmail.com on 12 Oct 2011 at 10:40

GoogleCodeExporter commented 9 years ago
Further explanation:

Before giving the Hash to the client to connect to the application by appending 
the HASH to the URL, the HASH should be protected.

In that sense the HASH must hold a reference to the methods it is valid for.

This patch has to be backward compatible with old implementations.

Original comment by seba.wag...@gmail.com on 12 Oct 2011 at 10:44

GoogleCodeExporter commented 9 years ago
After reviewing our process this is already okay:
We produce a hash for the URL that is only valid for that action ... I think I 
have gone too far with this Issue here and will put it on hold.

Original comment by seba.wag...@gmail.com on 12 Oct 2011 at 11:07
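
The grant scheme proposed in this issue, as an added example that is not OpenMeetings code: each hash is bound server-side to the methods it may call and to a one-time or multiple-times use count. The names `GrantStore`, `issue`, `register_legacy`, `authorize`, the method names in the test, and the rule that pre-existing hashes stay unrestricted (for backward compatibility) are assumptions.

```python
import secrets
import threading
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass
class Grant:
    methods: Optional[FrozenSet[str]]  # None = legacy hash, no method restriction
    uses_left: Optional[int]           # None = unlimited, 1 = one-time


class GrantStore:
    """Server-side table mapping each issued hash to what it may call."""

    def __init__(self):
        self._grants = {}
        self._lock = threading.Lock()  # makes check-and-consume atomic

    def issue(self, methods, max_uses=1):
        """Create a hash limited to `methods`; max_uses=None means unlimited."""
        if max_uses is not None and max_uses < 1:
            raise ValueError("max_uses must be >= 1 or None")
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._grants[token] = Grant(frozenset(methods), max_uses)
        return token

    def register_legacy(self, token):
        """Assumed backward-compatibility rule: old hashes keep old behaviour."""
        with self._lock:
            self._grants[token] = Grant(None, None)

    def authorize(self, token, method):
        """Return True and consume one use if `token` is granted `method`."""
        with self._lock:
            grant = self._grants.get(token)
            if grant is None:
                return False  # unknown or already used up
            if grant.methods is not None and method not in grant.methods:
                return False  # out of scope; does not consume a use
            if grant.uses_left is not None:
                grant.uses_left -= 1
                if grant.uses_left == 0:
                    del self._grants[token]
            return True
```

The lock matters for one-time grants: without it, two concurrent requests carrying the same hash could both pass the check before either consumes the use.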