[ https://issues.apache.org/jira/browse/SLING-11678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17634716#comment-17634716 ]
Konrad Windszus commented on SLING-11678: ----------------------------------------- [~rombert] WDYT? Any particular reason why you implemented this as HTTP Whiteboard servlet in the first place? > Protect the Tooling Support Install servlet > ------------------------------------------- > > Key: SLING-11678 > URL: https://issues.apache.org/jira/browse/SLING-11678 > Project: Sling > Issue Type: Improvement > Reporter: Konrad Windszus > Priority: Major > > Currently the endpoint provided by Tooling Support Endpoint doesn't require > authentication so every anonymous user can install arbitrary bundles. > I would suggest to migrate the endpoint to a [web console > plugin|https://felix.apache.org/documentation/subprojects/apache-felix-web-console/extending-the-apache-felix-web-console/providing-web-console-plugins.html] > to benefit from its built in authentication. -- This message was sent by Atlassian Jira (v8.20.10#820010)