RCS storage is currently completely transparent with no access control. We should have access control to RCS such that users can only modify keys that they have been granted write access to.
Technically, this could be enforced by the back-end, but we have to define some access control guidelines. Keys for stars have to be changed (among other things #324 fixed) so that access control can be key-based. The RCS wiki page outlines the original RCS guidelines and current use.
1661 plus the use of a DB password (already supported) should address this since the access control is then at the API level, i.e., control defines which RCS requests are allowed to go through by using the API while no direct RCS access is allowed.
RCS storage is currently completely transparent with no access control. We should have access control to RCS such that users can only modify keys that they have been granted write access to.
Technically, this could be enforced by the back-end, but we have to define some access control guidelines. Keys for stars have to be changed (among other things #324 fixed) so that access control can be key-based. The RCS wiki page outlines the original RCS guidelines and current use.