hcwinsemius
commented
3 years ago Splitted in several issues, closing this one.
Closed hcwinsemius closed 3 years ago
hcwinsemius
commented
3 years ago Splitted in several issues, closing this one.
Currently any user can "steal" credentials to ODK or ODM servers or use database models without any password restrictions. Good start would be to close the API to logged in users by adding auth=.. directives to the headers of all API calls.