[ECODP-dev] URLs to be blocked by the cache
Darwin Peltan
darwin.peltan at okfn.org
Wed Dec 19 15:55:17 UTC 2012
Hi,

As discussed in our session today, please see below a link to a document
with the URLs which the commission should be blocking at the cache level.

https://docs.google.com/document/d/19ldeunN3UQG_UTK2F7zplWV6Rjdo1ZdGaLfk_KjQhOU/edit

These URLs address

* Access to the user functions of the API from outside the network
* Restricting access to user list and user reset

It is essential that these URLs are blocked externally now that NGINX has
been removed.

The EC also asked about limiting the number of brute-force requests that
people can make on the login form. As previously advised, this would be best
limited in the caching layer.

Hopefully this resolves all the security issues raised by the commission.

Best,
Darwin

Darwin Peltan
Project Manager
The Open Knowledge Foundation
http://www.okfn.org
Skype: darwinp
Twitter: @darwin