Open twagoo opened 6 years ago
Perhaps we should then also introduce a signing policy for this status to avoid potential/all too easy abuse. E.g. we store a public key in the application's configuration and each admin user must have a matching signature that verifies the principal of that admin.
Currently there is a context parameter that determines who is administrator. Therefore changing this requires a configuration reload, and persisting requires rebuilding the image and carrying out a deployment. Instead the list of admin users should be configured in the database for convenience and flexibility.
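A sketch of how the two proposals in this issue could fit together, added here as an illustration and not taken from the project's code: admin rows are read from the database, and a row only counts if its signature over the principal verifies under the public key held in the application's configuration. The class, record and method names are hypothetical, Ed25519 is an assumed algorithm choice (Java 16+), and the key pair and rows in `main` are constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Hypothetical sketch: names are illustrative, not the project's own.
public class SignedAdminList {

    /** One row of an assumed admin table: principal plus detached signature. */
    record AdminRow(String principal, byte[] signature) {}

    /** Returns only the principals whose signature verifies under the configured key. */
    static Set<String> verifiedAdmins(List<AdminRow> rows, PublicKey configuredKey)
            throws GeneralSecurityException {
        Set<String> admins = new HashSet<>();
        for (AdminRow row : rows) {
            Signature verifier = Signature.getInstance("Ed25519");
            verifier.initVerify(configuredKey);
            verifier.update(row.principal().getBytes(StandardCharsets.UTF_8));
            boolean ok;
            try {
                ok = verifier.verify(row.signature());
            } catch (SignatureException e) {
                ok = false; // malformed signature bytes: fail closed, not an admin
            }
            if (ok) admins.add(row.principal());
        }
        return admins;
    }

    /** Signing happens outside the application; shown here only to build sample rows. */
    static byte[] sign(String principal, PrivateKey key) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("Ed25519");
        signer.initSign(key);
        signer.update(principal.getBytes(StandardCharsets.UTF_8));
        return signer.sign();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample data; in a deployment only the public key is configured.
        KeyPair kp = KeyPairGenerator.getInstance("Ed25519").generateKeyPair();
        List<AdminRow> rows = List.of(
            new AdminRow("alice@example.org", sign("alice@example.org", kp.getPrivate())),
            // Row written with database access only: signature copied from another row.
            new AdminRow("mallory@example.org", sign("alice@example.org", kp.getPrivate())),
            // Row with placeholder signature bytes.
            new AdminRow("bob@example.org", new byte[64]));
        System.out.println(verifiedAdmins(rows, kp.getPublic()));
    }
}
```

A signature over the principal alone never expires, so a deleted admin row can be re-inserted by anyone who kept a copy of it. Revocation would need something more in the signed data, such as a validity period or a list version.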