Konrad Windszus created SLING-11678:
---------------------------------------
Summary: Protect the Tooling Support Install servlet
Key: SLING-11678
URL: https://issues.apache.org/jira/browse/SLING-11678
Project: Sling
Issue Type: Improvement
Reporter: Konrad Windszus
Currently the endpoint provided by Tooling Support Endpoint doesn't require
authentication so every anonymous user can install arbitrary bundles.
I would suggest to migrate the endpoint to a [web console
plugin|https://felix.apache.org/documentation/subprojects/apache-felix-web-console/extending-the-apache-felix-web-console/providing-web-console-plugins.html]
to benefit from its built in authentication.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
