Closed hcwinsemius closed 3 years ago
Currently, any user can "steal" credentials to ODK or ODM servers or use database models without any password restrictions. A good start would be to close the API to logged-in users by adding auth=.. directives to the headers of all API calls.
Split into several issues, closing this one.