Loading...

XML

Word

Printable

Details

Type: Enhancement
Resolution: Done
Priority: Major
Fix Version/s: 1.0.x, 1.0.0.Final
Affects Version/s: 1.0.0.Beta
Component/s: Management API, Management UI
Labels:
None

Git Pull Request:
https://github.com/apiman/apiman/commit/c19200ee5fe767a116cf0b346c23c9f595a7db68

Description

The auth-token support (used in the community edition currently) can easily be made more secure. It requires a shared secret between the UI and the API. This shared secret could be generated once and stored in a simple persistent ISPN cache. It would make it impossible for auth tokens to be forged.

Attachments

Activity

People

Assignee:: Eric Wittmann

Reporter:: Eric Wittmann

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2014/11/25 10:16 AM

Updated:: 2014/12/01 2:12 PM

Resolved:: 2014/12/01 2:12 PM