Restinio Security #109
Comments
Thanks for the interesting link. I think there are several levels where security can and should be provided:
Your reference is almost completely related to the third level. But at the current moment of RESTinio's evolution, our main task is to provide an appropriate quality for the first two levels. It's because we don't have plans to make RESTinio too high-level a framework (like Oat++, for example) where most of the operations will be hidden from a user. With RESTinio a user has to describe routes and route parameters by him/herself. A user makes the decision about authentication schemes and related things. And so on. So he/she can use any reasonable security recommendations like the one mentioned by you. RESTinio is intended to make things simple, but not to hide all the details from a user. We want to add some features that can simplify a task for a user (like optional tools for limitation of request rate from an IP). But those tools will be just helpers. And a user will have to turn them on by him/herself.
Is it feasible/possible to use HTTPS (aka TLS) with RESTinio? If so, how?
How is security preparation for both maintainers and RESTinio users?
I hope for some security advice with RESTinio-specific code in your documentation.
I found this link: https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html and I hope you can use it for a security advice doc in terms of that list.
In the PHP world, here is some notable security advice from the Yii2 framework maintainers with Yii2-specific code: https://www.yiiframework.com/doc/guide/2.0/en/security-overview
Thank you for your restinio.