Indeed, that was my thinking. There is already provisioning for it in the code, so we just need to wire it in. f no objections I'll create a JIRA and give it a go.
On Wed, Mar 9, 2016 at 9:25 PM, Andrew Purtell <apurt...@apache.org> wrote: > I think we need an JIRA. We haven't considered access control for the UIs > before. IMHO, they are inherently unsafe except for operator use ("no user > serviceable parts inside") so random folks should not be given network > paths to them. > > On Wed, Mar 9, 2016 at 5:31 AM, Lars George <lars.geo...@gmail.com> wrote: > >> Hi, >> >> Reading the whole HttpServer code base, and while this is a copy it >> seems from HttpServer2, including the ability to set ACLs with users >> who are allowed to access (admins), I cannot see this ever being set. >> Am I missing something, or is there a JIRA documenting that this needs >> adding? >> >> Thanks, >> Lars >> > > > > -- > Best regards, > > - Andy > > Problems worthy of attack prove their worth by hitting back. - Piet Hein > (via Tom White)