Rev 564 | Rev 566 | ||
---|---|---|---|
Line 9... | Line 9... | ||
9 | 9 | ||
10 | SECURITY Improvements: |
10 | SECURITY Improvements: |
11 | - Make attachment upload path configurable |
11 | - Make attachment upload path configurable |
12 | - Small security issue: A visitor can check which plugins are installed by either entering a "goto" command (e.g. "oidplus:vnag_version_check") |
12 | - Small security issue: A visitor can check which plugins are installed by either entering a "goto" command (e.g. "oidplus:vnag_version_check") |
13 | and see which error message appears, or they could try to enter "plugin/adminPages/..." using the web browser and see if the result is HTTP 200 or HTTP 404. |
13 | and see which error message appears, or they could try to enter "plugin/adminPages/..." using the web browser and see if the result is HTTP 200 or HTTP 404. |
- | 14 | - Automated AJAX requests: Give a possibility to revoke JWT tokens in case they got stolen? |
|
- | 15 | - Automated AJAX requests: Should the admin define a max lifetime for the JWT tokens? |
|
14 | 16 | ||
15 | IDEAS FOR NEW FUNCTIONALITIES |
17 | IDEAS FOR NEW FUNCTIONALITIES |
16 | - Admin plugin "Attachments" with following functionalities: |
18 | - Admin plugin "Attachments" with following functionalities: |
17 | * Show every object and its attachments, so that the admin knows what's going on |
19 | * Show every object and its attachments, so that the admin knows what's going on |
18 | (Alternatively they can just look in the userdata directory using FTP) |
20 | (Alternatively they can just look in the userdata directory using FTP) |
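Review bot: the two added TODO items ("Give a possibility to revoke JWT tokens in case they got stolen?" and "Should the admin define a max lifetime for the JWT tokens?") are recorded as separate open questions, but they are two halves of one decision and should be resolved together: a maximum lifetime only bounds the exposure window of a stolen token if it is short, and revocation before expiry cannot be done with a purely stateless JWT check, since the server then has to keep state (for example a blocklist of revoked token ids, or a per-user "tokens issued before this timestamp are invalid" marker) and consult it on every automated AJAX request. Consider merging them into one concrete item: cap the token's `exp` claim at an admin-configurable maximum and add a server-side revocation check, noting that the latter gives up stateless validation.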