As a secure system it shall protect RESTful API based service endpoint against mal-requests

## Description

* 1. When an API is exposed to public user registration, it shall be protected against bulk requests that are initialized by robot agent. Possible protection tool could be
  - 1.1 capcha
  - 1.2 CSRF token
  - 1.3 IP based flow control 

* 2. When an API is provided for external service endpoint, it shall be protected by 
  - 2.1 application id/secret token exchange mechanism

* 3. When an API is provided for HTTP based admin tool, it shall be protected by 
  - 3.1 capcha
  - 3.2 CSRF token
  - 3.3 IP restriction

* 4. When an API is provided for CLI based admin tool, it shall be protectd by
  - 4.1 IP restricted SSH

## Implementation

* CSRF shall be turned on globally in app configuration
* capcha shall be implemented in application
* IP based flow controll shall be turned on globally in app configuration
* IP restriction for HTTP/HTTPS/SSH access shall be implemented in live system


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

As a secure system it shall protect RESTful API based service endpoint against mal-requests #4

Description

Implementation

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

As a secure system it shall protect RESTful API based service endpoint against mal-requests #4

Description

Description

Implementation

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions