- SSL
- Authentication
- CSRF
- DDoS-resistant
- etc.
Description
Revisions and Commits
R10 PollingCenter Web Server
- R10:eb26a50ca13f do not let disabled user login and check permission in account API
- R10:f7aaca81bf6d add "remember me" for login
- R10:67c1d02b28c0 add password hash with bcrypt
- R10:71403f5eaef5 using spring-security
Event Timeline
Comment Actions
Authentication and CSRF are implemented with spring-security
Other issues:
- Password hash
- SSL and certificate
Comment Actions
- Disabled users cannot log in now
- A user is logged out (session expired) immediately when disabled
- Add ROLE_ADMIN check for the Account REST API