[Deploying Sakai] (no subject)

Charles Severance csev at umich.edu
Thu Feb 21 13:27:02 PST 2013


BLTI-122 got the ProviderServlet but not the ServiceServlet

We should probably remove it from ServiceServlet too.  Particularly because there are properties that already adequately lock down ServiceServlet.



On Feb 21, 2013, at 4:00 PM, Steve Swinsburg wrote:

> Chuck, does LTI actually use the webservices filter anymore? I don't believe it does. That webservices.allow setting is very bad to enable in production as is since then anyone, anywhere can run SOAP calls. It should be IP restricted. Unless it was added back in, the webservices properties are not required:
> https://jira.sakaiproject.org/browse/BLTI-122
> cheers,
> Steve

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20130221/6dd16a51/attachment.html 

More information about the production mailing list