You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@isis.apache.org by "Dan Haywood (JIRA)" <ji...@apache.org> on 2015/02/19 14:56:11 UTC

[jira] [Created] (ISIS-1048) Make view model URLs more secure, eg through a private key.

Dan Haywood created ISIS-1048:
---------------------------------

             Summary: Make view model URLs more secure, eg through a private key.
                 Key: ISIS-1048
                 URL: https://issues.apache.org/jira/browse/ISIS-1048
             Project: Isis
          Issue Type: Improvement
          Components: Core
    Affects Versions: core-1.7.0
            Reporter: Dan Haywood
            Assignee: Dan Haywood
            Priority: Minor
             Fix For: core-1.9.0


At the moment it is possible to reverse engineer a view model URL, or perhaps to steal it.  

It ought to be encrypted somehow, eg using HMAC.

http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/AuthJavaSampleHMACSignature.html
http://www.smartjava.org/content/protect-rest-service-using-hmac-play-20



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)