". If all paths were closed by default, forgetting to configure a path would not result in a security breach like today."
But it will still mean that unauthorized users are able to access, like guest being able to post to "/update". Just authenticating is not enough without proper authorization On Mon, Dec 14, 2015 at 3:59 PM, Jan Høydahl <jan....@cominvent.com> wrote: >> 1) "read" should cover all the paths > > This is very fragile. If all paths were closed by default, forgetting to > configure a path would not result in a security breach like today. > > /Jan -- ----------------------------------------------------- Noble Paul