jumpinjackie / mapguide-rest

REST Extension for MapGuide Open Source
GNU Lesser General Public License v2.1
26 stars 14 forks source link

Configurable attack surface reduction #8

Open jumpinjackie opened 10 years ago

jumpinjackie commented 10 years ago

For attack surface reduction config.php should define whether certain routes are enabled/disabled.

jumpinjackie commented 9 years ago

At a minimum (before 1.0 final is released) we should implement the following controls.

A configurable property to determine if repository browsing services are accessible.

A associative array of restcfg.json style directives for Feature Sources. If this property is present, a Feature Source access "whitelist" is in effect.