[Deploying Sakai] (no subject)
Charles Severance
csev at umich.edu
Thu Feb 21 13:27:02 PST 2013
Steve,
BLTI-122 got the ProviderServlet but not the ServiceServlet
We should probably remove it from ServiceServlet too. Particularly because there are properties that already adequately lock down ServiceServlet.
https://jira.sakaiproject.org/browse/BLTI-212
/Chuck
On Feb 21, 2013, at 4:00 PM, Steve Swinsburg wrote:
> Chuck, does LTI actually use the webservices filter anymore? I don't believe it does. That webservices.allow setting is very bad to enable in production as is since then anyone, anywhere can run SOAP calls. It should be IP restricted. Unless it was added back in, the webservices properties are not required:
> https://jira.sakaiproject.org/browse/BLTI-122
>
> cheers,
> Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20130221/6dd16a51/attachment.html
More information about the production
mailing list