Rev 564 | Rev 572 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 564 | Rev 566 | ||
|---|---|---|---|
| Line 9... | Line 9... | ||
| 9 | 9 | ||
| 10 | SECURITY Improvements: |
10 | SECURITY Improvements: |
| 11 | - Make attachment upload path configurable |
11 | - Make attachment upload path configurable |
| 12 | - Small security issue: A visitor can check which plugins are installed by either entering a "goto" command (e.g. "oidplus:vnag_version_check") |
12 | - Small security issue: A visitor can check which plugins are installed by either entering a "goto" command (e.g. "oidplus:vnag_version_check") |
| 13 | and see which error message appears, or they could try to enter "plugin/adminPages/..." using the web browser and see if the result is HTTP 200 or HTTP 404. |
13 | and see which error message appears, or they could try to enter "plugin/adminPages/..." using the web browser and see if the result is HTTP 200 or HTTP 404. |
| - | 14 | - Automated AJAX requests: Give a possibility to revoke JWT tokens in case they got stolen? |
|
| - | 15 | - Automated AJAX requests: Should the admin define a max lifetime for the JWT tokens? |
|
| 14 | 16 | ||
| 15 | IDEAS FOR NEW FUNCTIONALITIES |
17 | IDEAS FOR NEW FUNCTIONALITIES |
| 16 | - Admin plugin "Attachments" with following functionalities: |
18 | - Admin plugin "Attachments" with following functionalities: |
| 17 | * Show every object and its attachments, so that the admin knows what's going on |
19 | * Show every object and its attachments, so that the admin knows what's going on |
| 18 | (Alternatively they can just look in the userdata directory using FTP) |
20 | (Alternatively they can just look in the userdata directory using FTP) |