[ECODP-dev] URLS to be blocked by the cache
Bastiaan Deblieck
bastiaan.deblieck at tenforce.com
Thu Dec 20 14:35:20 UTC 2012
Darwin,
Thanks. Communicated the proposed solution to PO.
Best,
Bastiaan
On Wed, Dec 19, 2012 at 4:55 PM, Darwin Peltan <darwin.peltan at okfn.org>wrote:
> As discussed in our session today please see below a link to a document
> with the URLS which the commission should be blocking at the cache level.
>
>
> https://docs.google.com/document/d/19ldeunN3UQG_UTK2F7zplWV6Rjdo1ZdGaLfk_KjQhOU/edit
>
>
> These URLS address
> * Access to the user functions of the API from outside the network
> * Restricting access to user list and user reset
>
> It is essential that these URLS are blocked externally now that NGINX has
> been removed.
>
> The EC also asked about limiting the number of Brute Force requests that
> people can make on the login form. As previously advised this would be best
> limited in the caching layer.
>
> Hopefully this resolves all the security issues raised by the commission.
>
--
Bastiaan Deblieck
Semantic Technology Business Unit Manager
http://www.tenforce.com/
T: +32 16 31 48 60
M:+32 475 95 49 32
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.okfn.org/mailman/private/ecodp-dev/attachments/20121220/1d5d0e5f/attachment.html>
More information about the ecodp-dev
mailing list