Ya, there is 1 PR[1] working on this issue.

[1] https://github.com/apache/apisix-dashboard/pull/330

Best Regards!
@ Zhiyuan Ju <https://www.shaoyaoju.org/>

vincixu <[email protected]> wrote on Thu, Aug 6, 2020 at 10:04 AM:

> I think we should not expose the dashboard to the external internet; if we must
> expose it, we should add complete authentication for APISIX, such as
> "jwt+RBAC"; key-auth is weak security.
>
> Zhiyuan Ju <[email protected]> wrote on Sat, Jul 25, 2020 at 9:02 AM:
>
> > 🤔
> >
> > Because there is one Manager API between Admin API and Dashboard, and the
> > API is fixed stored in Manager API currently, so not sure how to use manual
> > TLS to protect the dashboard usage.
> >
> > Ming Wen <[email protected]> wrote on Sat, Jul 25, 2020 at 8:37 AM:
> >
> > > For the production environment, it is recommended to use mTLS to
> > > communicate between the admin API and the dashboard.
> > >
> > > Zhiyuan Ju <[email protected]> wrote on Thu, Jul 23, 2020 at 11:27 AM:
> > >
> > > > Hi,
> > > >
> > > > One user just reminded me that the API Key is stored in manager-api
> > > > directly; we may store it in the frontend or have an OAuth policy.
> > > >
> > > > So how could we protect our dashboard from being accessed by attackers?
> > > >
> > > > Best regards!
> > > > --
> > > > From 琚致远
> > > >
> > >
> > --
> > From 琚致远
> >
>
