Re: [rt-users] REST permissions? write-only?

2013-10-07 Thread Kevin Falcone
On Wed, Oct 02, 2013 at 08:39:24PM -0500, Brian Bowles wrote:
> Is there a way I could just globally turn off all the read capability to
> the REST server?  Basically I have data I wish to keep private and it would
> be a security risk if someone can read tickets using REST.  I believe I can
> fix this with permissions but I'd rather just completely remove any read
> capability to the REST server and just use it to create new tickets.  A
> 'drop box' if you will from a web front-end.  Any ideas?

The REST interface requires a username/password.  If your users have
access to the data in the web interface, they have access to it via
REST.  If you correctly limit your permissions in the web interface,
that will carry over to REST.

If you really need to lock down REST, your best bet is to block access
at the web server level from anything other than your drop box
creation servers.

-kevin



-- 
RT Training in New York, October 8th and 9th: http://bestpractical.com/training
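
The web-server-level block suggested in the reply above, sketched as an added example that is not part of the original thread. It assumes Apache 2.4, RT served at the site root so that the REST interface is under /REST/, and two placeholder addresses (192.0.2.10 and 192.0.2.11) standing in for the drop box creation servers.

```apache
# Added example, not from the thread. Assumptions: Apache 2.4 (mod_authz_core),
# RT mounted at "/", REST interface reachable under /REST/.
# 192.0.2.10 and 192.0.2.11 are placeholder addresses for the
# drop box creation servers; substitute your own.

# Place this AFTER the <Location /> block that serves RT. Location sections
# are merged in the order they appear, and with the default AuthMerging Off
# the Require lines here replace the ones inherited from <Location />.
<Location "/REST">
    <RequireAny>
        Require ip 192.0.2.10
        Require ip 192.0.2.11
    </RequireAny>
</Location>

# If RT sits behind a reverse proxy or load balancer, Apache sees the proxy's
# address rather than the client's. In that case enforce the allowlist on the
# proxy, or use mod_remoteip with a trusted proxy list so that "Require ip"
# is evaluated against the real client address.
```

Requests to /REST/ from any other address receive 403 before RT's own authentication runs; the permissions configured inside RT still apply to the allowed hosts.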

[rt-users] REST permissions? write-only?

2013-10-02 Thread Brian Bowles
Is there a way I could just globally turn off all the read capability to
the REST server?  Basically I have data I wish to keep private and it would
be a security risk if someone can read tickets using REST.  I believe I can
fix this with permissions but I'd rather just completely remove any read
capability to the REST server and just use it to create new tickets.  A
'drop box' if you will from a web front-end.  Any ideas?
