Description
Description
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | Kiailandi | T170821 Create a Web interface for data providers | |||
Resolved | Kiailandi | T170823 Create a Web interface to drop a dataset |
Event Timeline
Comment Actions
Right now the CREATE, UPDATE and DELETE endpoints do not have user authentication and the only "layer of security" is client side.
This means that by following the standard user workflow only logged in users can access data manipulation pages and can edit their datasets or update new ones, but technically anyone can access any dataset by doing requests directly to the endpoints.
Considering that creating new datasets is possible for any user anyway and that to update a dataset you need to provide well structured and valid data we can accept that, but given the far worse consequences of an ill intentioned DELETE we will close the DELETE endpoint for the time being, until a proper server-side authentication system will be implemented.