slush-marklogic-node icon indicating copy to clipboard operation
slush-marklogic-node copied to clipboard

Published 20 hours ago verified publisher icon marklogic-community

Protect user profiles with ML security

Open grtjn opened this issue 9 years ago • 3 comments

proxy.js currently contains special measure to safeguard against profile updates on other users profiles. I think it will make things easier if we simply disallow updating user profiles (with protected collections or such), and force the ui to use an amped rest extension to do profile updates.

grtjn avatar Sep 25 '15 08:09 grtjn

@grtjn , by amped rest extension do you mean a new rest extension needs to be created and the profile route will only use that new extension?

janmichaelyu avatar Dec 16 '15 07:12 janmichaelyu

Yes. Some profile rest extension which is amped itself or uses an amped function to access docs in uris/collections otherwise restricted..

I think we used to have something like that in demo-cat at some point..

grtjn avatar Dec 16 '15 20:12 grtjn

PR #334

janmichaelyu avatar May 02 '16 06:05 janmichaelyu