[
https://issues.apache.org/jira/browse/UIMA-5206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15735666#comment-15735666
]
Lou DeGenaro commented on UIMA-5206:
------------------------------------
- Provide entry in ducc.properties to control the restrictions mode on
responses comprising user data
- Provide an externalized list of URI prefixes that are exempt from restrictions
- Allow requests when in unrestricted mode
- Allow requests when in restricted mode but URI is in exempt list
- Redirect non-exempt http requests to https when in encrypted mode, if possible
- Allow https non-exempt requests when in encrypted mode; deny http non-exempt
requests (if not redirected to https)
- Prevent non-exempt requests when in blocked mode (forbidden!)
> DUCC Web Server (WS) should provide restriction on responses comprising user
> data
> ---------------------------------------------------------------------------------
>
> Key: UIMA-5206
> URL: https://issues.apache.org/jira/browse/UIMA-5206
> Project: UIMA
> Issue Type: Improvement
> Components: DUCC
> Reporter: Lou DeGenaro
> Assignee: Lou DeGenaro
> Fix For: 2.2.0-Ducc
>
>
> DUCC WS should be configurable such that responses comprising user data can
> be prevented over http, instead requiring https.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
