Indeed, that was my thinking. There is already provisioning for it in
the code, so we just need to wire it in. f no objections I'll create a
JIRA and give it a go.
On Wed, Mar 9, 2016 at 9:25 PM, Andrew Purtell <apurt...@apache.org> wrote:
> I think we need an JIRA. We haven't considered access control for the UIs
> before. IMHO, they are inherently unsafe except for operator use ("no user
> serviceable parts inside") so random folks should not be given network
> paths to them.
>
> On Wed, Mar 9, 2016 at 5:31 AM, Lars George <lars.geo...@gmail.com> wrote:
>
>> Hi,
>>
>> Reading the whole HttpServer code base, and while this is a copy it
>> seems from HttpServer2, including the ability to set ACLs with users
>> who are allowed to access (admins), I cannot see this ever being set.
>> Am I missing something, or is there a JIRA documenting that this needs
>> adding?
>>
>> Thanks,
>> Lars
>>
>
>
>
> --
> Best regards,
>
> - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet Hein
> (via Tom White)
