Feature requests:
- Add a new config param (eg corus.server.api.ssl.enforced = true|false) so
that if true, *all* REST transactions must come over HTTPS
- Add a new config param (eg corus.server.api.auth.required = true|false) so
that if true, *all* REST transactions must be authenticated. If false, only
change activities (as is documented now) requires auth
Logic:
For security for REST data, we don't want api-id/api-key going clear text.
Enabling the first option prevents this.
For security for Corus configuration, we may not want just anyone getting our
config via API. Enabling the second option prevents this.
Original issue reported on code.google.com by c...@maxnet.eu.org on 11 Feb 2015 at 2:20
Original issue reported on code.google.com by
c...@maxnet.eu.org
on 11 Feb 2015 at 2:20