If all endpoints (e.g. DELETE /corpora/xyz) are available, it is very easy for someone to delete another's data. These can be disabled per-installation by, e.g., commenting out the relevant function. It would be better if these could be disabled (or enabled, perhaps) via a config file.
If all endpoints (e.g.
DELETE /corpora/xyz
) are available, it is very easy for someone to delete another's data. These can be disabled per-installation by, e.g., commenting out the relevant function. It would be better if these could be disabled (or enabled, perhaps) via a config file.