Open krowvin opened 1 week ago
https://github.com/USACE/cwms-data-api/pull/872
It's possible there is still a place or two. I'm checking.
Oh, right. The IT will need the auth added too.
Auth added by Ryan to this endpoint. Other concerns as follows: Future addition of the MQ pieces might have sensitive data. Get endpoints to properties, CLOB, and BLOB could have auth added given their usage to store application level data. @MikeNeilson do you have thoughts here?
MQ would be authorized only; unless a compelling argument is made otherwise. But even then the scope of data would be limited.
CLOB/BLOB: fair point. Will require further consideration.
Though it dawns on me that properties, and probably water supply, and honestly most of the "REGI" derived endpoints should be authorized even for read. Charles also found some hostnames in the properties that we assume were stored by REGI, but it also makes sense that that particular properties endpoint isn't for public consumption.
The following are endpoints that I tested and that, for some reason or another (REGI?), have IP address/User Information/Hostnames in them.
Would the best method be to force authentication of these GET requests?
Project Lock Rights Endpoint
Command
Result
Having a user in REGI create a lock, then running that to see the output gives this
Project Lock Revoker Rights Endpoint
Command
Result