Comment 21 for bug 1311223
Revision history for this message
| Dmitry Janushkevich (dev-zzo) wrote | #21 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
Hello,
It is my opinion that relying on the URL being "secret" does not seem to be a proper approach to security, as the URL (as I see it) is ultimately shared between a group of users; at this point, it is no longer so "secret". Then again, the URL might leak via other channels as well. This leads me to a thought that templates should be protected via other mechanisms as well.
I was unable to locate any mention of whether Heat supports e.g. basic HTTP authentication or any other access restriction mechanisms for accessing templates to properly secure the templates. Can someone please point me in a right direction here -- docs, discussions?
Thank you in advance,
D.