Sent from my iPhone
> On 30 Oct 2016, at 11:46, Stephen Cameron <[email protected]> wrote: > > I have an isis app that will be publicly accessible. > > I'd like to make is as secure as is reasonable. > > Use of SSL is necessary of course. > > Internet banking sites seem to make do with password authentication, but > expire dormant sessions very promptly and not show any account details in > the UI (so someone can see the account name and guess the password). Is > similar possible in Apache Isis? > I didn't understood what you want to achieve > I need to disable the RESTful objects interface too. > That one is as simple as removing the RESTful objects filter from the web.xml > Thanks for any suggestions or tips. > > Stephen Cameron
