yduchesne / sapia

Automatically exported from code.google.com/p/sapia

Enable Option to Force SSL for REST API and force auth for all REST API requests #32

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Feature requests:

- Add a new config param (e.g. corus.server.api.ssl.enforced = true|false) so that if true, *all* REST transactions must come over HTTPS

- Add a new config param (e.g. corus.server.api.auth.required = true|false) so that if true, *all* REST transactions must be authenticated. If false, only change activities (as is documented now) require auth

Logic:

For security for REST data, we don't want api-id/api-key going in clear text. Enabling the first option prevents this.

For security for Corus configuration, we may not want just anyone getting our config via API. Enabling the second option prevents this.

Original issue reported on code.google.com by c...@maxnet.eu.org on 11 Feb 2015 at 2:20
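
The decision logic the two requested options imply, as an added example that is not Corus source code and not part of the original issue. The property names are the ones proposed above; the class `RestApiGate`, the `Decision` values, the boolean inputs and the treatment of GET/HEAD as the only non-change methods are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Properties;
import java.util.Set;

// Added illustration of the requested behaviour; hypothetical class, not Corus code.
public class RestApiGate {
    enum Decision { ALLOW, REJECT_CLEARTEXT, REJECT_UNAUTHENTICATED }

    // Assumption: every method other than GET/HEAD counts as a "change activity".
    private static final Set<String> READ_METHODS = Set.of("GET", "HEAD");

    private final boolean sslEnforced;
    private final boolean authRequired;

    RestApiGate(Properties conf) {
        // Both options default to false, which keeps the behaviour the issue
        // describes as current: only change activities need authentication.
        sslEnforced = Boolean.parseBoolean(
            conf.getProperty("corus.server.api.ssl.enforced", "false"));
        authRequired = Boolean.parseBoolean(
            conf.getProperty("corus.server.api.auth.required", "false"));
    }

    // secure: the request arrived over HTTPS.
    // authenticated: the supplied api-id/api-key pair was validated.
    Decision check(String method, boolean secure, boolean authenticated) {
        // Transport is checked first, so credentials that arrived in clear
        // text are never accepted, even when they are valid.
        if (sslEnforced && !secure) {
            return Decision.REJECT_CLEARTEXT;
        }
        boolean change = !READ_METHODS.contains(method.toUpperCase(Locale.ROOT));
        if ((authRequired || change) && !authenticated) {
            return Decision.REJECT_UNAUTHENTICATED;
        }
        return Decision.ALLOW;
    }

    public static void main(String[] args) {
        Properties strict = new Properties();
        strict.setProperty("corus.server.api.ssl.enforced", "true");
        strict.setProperty("corus.server.api.auth.required", "true");
        RestApiGate[] gates = { new RestApiGate(new Properties()), new RestApiGate(strict) };
        // Constructed sample requests, evaluated under default and strict settings.
        for (RestApiGate gate : gates) {
            System.out.println(gate.check("GET", false, false));
            System.out.println(gate.check("GET", true, false));
            System.out.println(gate.check("DELETE", true, true));
        }
    }
}
```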