https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30962
--- Comment #9 from David Cook <[email protected]> ---

Regarding security, I've been thinking more about this, and in theory you could lock down all non-public API routes by IP address, if your organisation has static IP addresses and requires VPNs for working from home (WFH). We do this on other systems that have admin APIs. It's possible that you might need to provide a third-party access to an admin API (like this one in bug 30962), but then you can add their IP address to the allow list. It just adds another layer of security over top of the existing security measures.

We could promote the idea by adding some configuration directives to Apache that allow all IP addresses for both public and non-public API routes and include some comments about how they can lock down the non-public API routes by doing X, Y, and Z.
