[CKAN-Security] CKAN security best practices

Andrew Wild andrew.wild at servian.com
Thu Feb 28 02:12:36 UTC 2019


Hi,

I'm currently in the process of evaluating CKAN's security framework for an
open data portal we're building. I'm wondering if you have any reference
documentation for security best practices when installing CKAN?

On a related note, I've noticed that on some CKAN installations, I can hit
the user_list API without an authorisation token and get a list of
usernames, names and sysadmin (TRUE/FALSE). I'm presuming this is not the
recommended approach, is there any documentation you can share that allows
sysadmins to limit the API calls that are available to users?

Thanks,
Andy

-- 
*Andrew Wild* | Consultant | m: 0481 115 645 <0481115645> | p: +61 458 290
389 <+61458290389>
Level 3, 200 Mary Street, Brisbane City QLD 4000
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.okfn.org/mailman/private/security/attachments/20190228/1554ff66/attachment.html>


More information about the Security mailing list