Right now, we use an "admin in the name of user" pattern to perform actions on Mantis.
The Authenticator class logs in with hard-coded values as username and password that are visible in the source code.
IT IS NOT ACCEPTABLE IN PRODUCTION
Moreover, for some endpoints, such as Get issues monitored by me, Get issues reported by me, and Get issues assigned to me, it would be much easier and better performance-wise to log in as the user and get the issues from the "My view" page. It also makes access restrictions easier, since Mantis will restrict access depending on who is logged in.
But how do we transfer the user's creds to the API without creating a security issue?