I have an Isis app that will be publicly accessible. I'd like to make it as secure as is reasonable.
Use of SSL is necessary, of course. Internet banking sites seem to make do with password authentication, but expire dormant sessions very promptly and do not show any account details in the UI (so someone can see the account name and guess the password). Is something similar possible in Apache Isis? I need to disable the RESTful objects interface too.

Thanks for any suggestions or tips.

Stephen Cameron
