
Protecting content pulled via RESTful calls?

rcasazza
Champ in-the-making
We have a requirement to allow websites to be built by having portions of the pages being pulled from CM via RESTful calls.

My concern is that these URLs are visible externally so that people could take them and poke around our content by changing the URL parameters.

One solution is to add an encrypted digest to the end of the URL call so modifications to the URL can be detected and denied.

The issue there is providing some *easy* way for the UI people to be able to create these URLs complete with the digested piece for their design.

Various standards allow for an authentication token to be issued upon user authentication and then presented back in subsequent calls, but this really doesn't solve this particular issue. You would be able to still look through the CM by changing the RESTful URL and passing the token back for each attempt to find new content.

Has anyone run into this issue? Dealt with it differently?

Thanks
1 REPLY

mrogers
Star Contributor
I'm sure the "normal" way to deal with this sort of issue is to put Alfresco (and your other infrastructure) behind a firewall so it is not accessible by unauthorised persons. Or you can proxy just those bits of Alfresco that you want to expose.
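
The digest-on-the-URL idea from the question, as an added example that is not part of either post or of Alfresco: a helper that signs a URL and a check that denies any URL whose path or parameters were changed. HMAC-SHA256, the `sig` parameter name, the key and the sample URL are all assumptions made for illustration; the thread names no algorithm or API path.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed demo key; a real deployment loads it from server-side secret storage.
SECRET_KEY = b"constructed-demo-key"
SIG_PARAM = "sig"  # hypothetical name for the appended digest parameter


def _digest(path, params, key):
    # Sort parameters so reordering the query string does not change the message.
    message = (path + "?" + urlencode(sorted(params))).encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def sign_url(url, key=SECRET_KEY):
    """Return url with a keyed digest of its path and query appended."""
    parts = urlsplit(url)
    params = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if k != SIG_PARAM]
    query = urlencode(params + [(SIG_PARAM, _digest(parts.path, params, key))])
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


def verify_url(url, key=SECRET_KEY):
    """Return True only if the URL carries exactly one valid digest."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    sigs = [v for k, v in pairs if k == SIG_PARAM]
    if len(sigs) != 1:
        return False  # missing or duplicated digest: deny
    params = [(k, v) for k, v in pairs if k != SIG_PARAM]
    expected = _digest(parts.path, params, key)
    # Constant-time comparison, on bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(expected.encode("utf-8"), sigs[0].encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample URL, not a real Alfresco endpoint.
    signed = sign_url("https://cm.example.com/content?node=1234&rendition=web")
    print(signed, verify_url(signed))
    print(verify_url(signed.replace("node=1234", "node=9999")))
```

The key has to stay on the server, so `sign_url` would be exposed to UI designers as a template or build-time helper rather than shipped in page scripts. A valid signed URL can still be reused by anyone who sees it, so this limits which URLs are accepted, not who may call them.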