Uploaded image for project: 'Isis'
  1. Isis
  2. ISIS-1048

Make view model URLs more secure, eg through a private key.

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: core-1.7.0
    • Fix Version/s: 1.12.0
    • Component/s: Core
    • Labels:
      None

      Description

      At the moment it is possible to reverse engineer a view model URL, or perhaps to steal it.

      It ought to be encrypted somehow, eg using HMAC.

      http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/AuthJavaSampleHMACSignature.html
      http://www.smartjava.org/content/protect-rest-service-using-hmac-play-20

        Activity

        Hide
        danhaywood Dan Haywood added a comment -

        We now have ISIS-1251 (UrlEncodingService) which opens up this behaviour as an SPI. So this ticket is now one possible implementation of said service.

        Show
        danhaywood Dan Haywood added a comment - We now have ISIS-1251 (UrlEncodingService) which opens up this behaviour as an SPI. So this ticket is now one possible implementation of said service.
        Hide
        danhaywood Dan Haywood added a comment -

        This is supported via the pluggable UrlEncodingService, introduced in Isis 1.11.0

        Show
        danhaywood Dan Haywood added a comment - This is supported via the pluggable UrlEncodingService, introduced in Isis 1.11.0

          People

          • Assignee:
            danhaywood Dan Haywood
            Reporter:
            danhaywood Dan Haywood
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development