Closed ripper234 closed 8 years ago
We need to make sure important pages e.g. /providers are not accessed without a security token.
Today anyone can go to http://playainfo.midburn.org/providers and cause havoc.
Let's make it so this page is only active with an access code, e.g.
http://playainfo.midburn.org/providers?c=m1098a7sd
(The actual access code is constant system-wide, and should not be public. It cannot be on github, must be a system configuration on the AWS machine).
Admin pages are now accessible to logged user only. Registration is still publicly available for convenience, but can be switched off when needed.
We need to make sure important pages e.g. /providers are not accessed without a security token.
Today anyone can go to http://playainfo.midburn.org/providers and cause havoc.
Let's make it so this page is only active with an access code, e.g.
(The actual access code is constant system-wide, and should not be public. It cannot be on github, must be a system configuration on the AWS machine).