Is there a way I could just globally turn off all the read capability to
the REST server? Basically I have data I wish to keep private and it would
be a security risk if someone can read tickets using REST. I believe I can
fix this with permissions but I’d rather just completely remove any read
capability to the REST server and just use it to create new tickets. A
’drop box’ if you will from a web front-end. Any ideas?
Is there a way I could just globally turn off all the read capability to the REST server?
Basically I have data I wish to keep private and it would be a security risk if someone can
read tickets using REST. I believe I can fix this with permissions but I’d rather just
completely remove any read capability to the REST server and just use it to create new
tickets. A ‘drop box’ if you will from a web front-end. Any ideas?
The REST interface requires a username/password. If your users have
access to the data in the web interface, they have access to it via
REST. If you correctly limit your permissions in the web interface,
that will carry over to REST.
If you really need to lock down REST, your best bet is to block access
at the web server level from anything otehr than your drop box
creation servers.
-kevin