[ECODP-dev] URLS to be blocked by the cache

Darwin Peltan darwin.peltan at okfn.org
Wed Dec 19 15:55:17 UTC 2012


Hi,

As discussed in our session today, please see below a link to a document
with the URLs which the commission should be blocking at the cache level.

https://docs.google.com/document/d/19ldeunN3UQG_UTK2F7zplWV6Rjdo1ZdGaLfk_KjQhOU/edit


These URLs address:
* Access to the user functions of the API from outside the network
* Restricting access to user list and user reset

It is essential that these URLs are blocked externally now that NGINX has
been removed.

The EC also asked about limiting the number of brute-force requests that
people can make on the login form. As previously advised, this would be best
limited in the caching layer.

Hopefully this resolves all the security issues raised by the commission.

Best,

Darwin

Darwin Peltan
Project Manager

The Open Knowledge Foundation
http://www.okfn.org

Skype: darwinp
Twitter: @darwin