Transactions API #3923
Implement a basic REST API for transactions. Since transactions are the backbone of the system, this needs to be super-secure, so we should consider implementing our own authorization mechanism that mimics Spring Security using AOP:
https://manbuildswebsite.com/2010/03/15/simple-aspects-using-annotations-in-grails/
Or we could also integrate Spring Security for API access only (we don't want to break what we're doing elsewhere) with the idea that we'll migrate the non-API actions after the Grails 3 migration.
And just to be more secure to start, we can make the API read-only unless a user has an explicit role or supported activity added to their account. That would prevent write access to APIs of instances that have not taken precautions related to their default admin user account.
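
A sketch of the read-only-by-default rule proposed above, added here as an example; it is not part of the original issue and not the project's code. The class, role and activity names are hypothetical, and it assumes any authenticated user may read.

```groovy
// Added example; ApiUser, ROLE_API_WRITE and 'transaction.write' are hypothetical names.
class ApiUser {
    String username
    Set<String> roles = [] as Set
    Set<String> activities = [] as Set
}

class TransactionApiPolicy {
    // Only these methods count as reads; anything else is treated as a write.
    static final Set<String> READ_METHODS = ['GET', 'HEAD', 'OPTIONS'] as Set
    static final String WRITE_ROLE = 'ROLE_API_WRITE'
    static final String WRITE_ACTIVITY = 'transaction.write'

    // Returns the HTTP status the API layer should answer with.
    static int authorize(ApiUser user, String httpMethod) {
        if (user == null) {
            return 401                      // no authenticated caller
        }
        String method = httpMethod?.toUpperCase()
        if (method != null && READ_METHODS.contains(method)) {
            return 200                      // assumption: any authenticated user may read
        }
        // Writes need an explicit grant; a general admin role is not enough,
        // so an instance's default admin account gets no API write access.
        boolean granted = user.roles.contains(WRITE_ROLE) ||
                user.activities.contains(WRITE_ACTIVITY)
        return granted ? 200 : 403
    }
}

// Constructed sample accounts.
def admin = new ApiUser(username: 'admin', roles: ['ROLE_ADMIN'] as Set)
def clerk = new ApiUser(username: 'clerk', activities: ['transaction.write'] as Set)

assert TransactionApiPolicy.authorize(null, 'GET') == 401
assert TransactionApiPolicy.authorize(admin, 'GET') == 200
assert TransactionApiPolicy.authorize(admin, 'POST') == 403
assert TransactionApiPolicy.authorize(admin, null) == 403
assert TransactionApiPolicy.authorize(clerk, 'delete') == 200
```

A missing or unrecognized HTTP method falls through to the write check, so the policy fails closed.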