RESTful API security review and refinements
Issue #1145
resolved
A number of things need to be reviewed:
- Need roles for public access that read all the dashboard pages, etc but not individual records
- Need roles to read API end points but mostly used by external apps.
- A review of how to control access to the RESTful API (and not just for login users in the web app)
- Put the backend and frontend through a web penetration testing tool to address any security issues.
- Anything else?
Comments (8)
-
reporter
-
reporter
This issue is a little related to https://bitbucket.org/softwords/pineapples/issues/1118/properly-document-the-restful-api-hpr-2022
-
reporter
- changed title to RESTful API security review and refinements [HPR:2022]
- edited description
-
reporter
-
assigned issue to
Brian Lewis
-
assigned issue to
-
reporter
- changed title to RESTful API security review and refinements
- removed responsible_account_id
-
reporter
- changed status to wontfix
Most of this was done. A penetration testing tool would be a good thing eventually and can be done within its own specific work.
-
reporter
- changed status to open
-
reporter
- changed status to resolved
Most of this was done. A penetration testing tool would be a good thing eventually and can be done within its own specific work.
- Log in to comment
