Re: Where to set UI ACLs?
Indeed, that was my thinking. There is already provisioning for it in the code, so we just need to wire it in. f no objections I'll create a JIRA and give it a go. On Wed, Mar 9, 2016 at 9:25 PM, Andrew Purtellwrote: > I think we need an JIRA. We haven't considered access control for the UIs > before. IMHO, they are inherently unsafe except for operator use ("no user > serviceable parts inside") so random folks should not be given network > paths to them. > > On Wed, Mar 9, 2016 at 5:31 AM, Lars George wrote: > >> Hi, >> >> Reading the whole HttpServer code base, and while this is a copy it >> seems from HttpServer2, including the ability to set ACLs with users >> who are allowed to access (admins), I cannot see this ever being set. >> Am I missing something, or is there a JIRA documenting that this needs >> adding? >> >> Thanks, >> Lars >> > > > > -- > Best regards, > >- Andy > > Problems worthy of attack prove their worth by hitting back. - Piet Hein > (via Tom White)
Re: Where to set UI ACLs?
I think we need an JIRA. We haven't considered access control for the UIs before. IMHO, they are inherently unsafe except for operator use ("no user serviceable parts inside") so random folks should not be given network paths to them. On Wed, Mar 9, 2016 at 5:31 AM, Lars Georgewrote: > Hi, > > Reading the whole HttpServer code base, and while this is a copy it > seems from HttpServer2, including the ability to set ACLs with users > who are allowed to access (admins), I cannot see this ever being set. > Am I missing something, or is there a JIRA documenting that this needs > adding? > > Thanks, > Lars > -- Best regards, - Andy Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)
Re: Where to set UI ACLs?
On Wed, Mar 9, 2016 at 5:31 AM, Lars Georgewrote: > Hi, > > Reading the whole HttpServer code base, and while this is a copy it > seems from HttpServer2, including the ability to set ACLs with users > who are allowed to access (admins), I cannot see this ever being set. > Am I missing something, or is there a JIRA documenting that this needs > adding? > > Needs adding I'd say Lars (I don't remember seeing this during review). St.Ack