It's a good idea and can be landed on Dashboard quickly. Best Regards! @ Zhiyuan Ju <https://www.shaoyaoju.org/>
doggieと杨 <[email protected]> 于2020年2月27日周四 下午7:02写道: > this is a good way. > > > > > ------------------ 原始邮件 ------------------ > 发件人: "YuanSheng Wang"<[email protected]>; > 发送时间: 2020年2月27日(星期四) 晚上6:58 > 收件人: "[email protected]"<[email protected]>; > > 主题: [Discussion] Add a key-based authentication to the dashboard > > > > Hi: > > After the Apache APISIX instance is started, the current Admin API does not > have any authentication verification mechanism, which is very insecure for > users. > > I recommend adding a simple KEY token authentication to the Admin API. > > For example, specifying a whitelist of allowed tokens directly in > `conf/config.yaml` might be an easy way. > > > > -- > *MembPhis* > My github: https://github.com/membphis > Apache APISIX: https://github.com/apache/incubator-apisix
