Open jumpinjackie opened 10 years ago
At a minimum (before 1.0 final is released) we should implement the following controls.
A configurable property to determine if repository browsing services are accessible.
A associative array of restcfg.json style directives for Feature Sources. If this property is present, a Feature Source access "whitelist" is in effect.
For attack surface reduction config.php should define whether certain routes are enabled/disabled.