[Building Sakai] Selectively using basic authentication in Entity Brokers
Matthew Jones
matthew at longsight.com
Wed Apr 3 07:32:44 PDT 2013
If you have Apache or Nginx in front you can do whatever you want, block it
completely or provide some other filtering to it. (Like IP restriction).
There isn't anything built in like web services because these external
/direct endpoints are intended to be interacted with by client browsers,
not servers like the web services are.
Otherwise all of these entities already should be providing security and
only showing content appropriate and specific to the user logged in. If
there's some sensitive/secure information on a URL that's public, you
should send an email to security at sakaifoundation.org and describe the
problem.
On Wed, Apr 3, 2013 at 10:21 AM, David Wafula <davidwaf at gmail.com> wrote:
> Hi all,
> We wish to selectively lock down some /direct/blalbla urls through basic
> authentication, is this possible?
>
> Regards
>
> --
> David Wafula
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130403/913d7112/attachment.html
More information about the sakai-dev
mailing list