  1. Mobile
  2. MOBILE-3401

Mobile apps should not include username as part of api calls where possible

    Details

    • Type: Improvement
    • Status: New
    • Priority: Unprioritized
    • Resolution: Unresolved
    • Affects Version/s: iOS 2.4, Android 1.7.0
    • Fix Version/s: None
    • Component/s: App Internals
    • Security Level: external (External user)
    • Labels:
    • Security Severity:
      None

      Description

      Calls from the mobile app should not include the username as part of the URL, as this exposes more information than necessary to a potential hacker simply by looking at network traffic.

      In addition, this makes customizations more difficult, e.g. to allow login via email address instead of username.

      e.g.
      instead of
      /alfresco/api/default/public/alfresco/versions/1/people/myemail@example.com/favorites?where=(EXISTS(target/file))&maxItems=50&skipCount=0

      use
      /alfresco/api/default/public/alfresco/versions/1/people/me/favorites?where=(EXISTS(target/file))&maxItems=50&skipCount=0

      see also tasks
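
A check that could be run over request URLs captured while testing the app, as an added example that is not part of the original issue or of the Alfresco code base: it flags calls that put the logged-in user's own identifier in the `/people/<id>/` path segment and returns the alias form. The function names, the sample URLs marked as constructed, and the case-insensitive comparison are assumptions.

```python
import re
from urllib.parse import unquote

# Path shape from the issue's URLs: .../versions/<n>/people/<personId>/...
PEOPLE = re.compile(r"(/public/alfresco/versions/\d+/people/)([^/]+)")
SELF_ALIAS = "me"  # alias used in the issue's proposed URL

def audit_url(url, current_user, alias=SELF_ALIAS):
    """Return (verdict, url_to_use) for one request URL.

    "ok": no person segment, or the alias is already used.
    "self-identifier": the logged-in user's own id is in the path; the
        returned URL has it replaced by the alias.
    "other-person": someone else is addressed, so the alias cannot be used.
    """
    path, sep, query = url.partition("?")  # the query string is never touched
    m = PEOPLE.search(path)
    if m is None:
        return "ok", url
    person = unquote(m.group(2))           # decodes %40 back to '@'
    if person == alias:
        return "ok", url
    # Assumption: identifiers compare case-insensitively.
    if person.casefold() != current_user.casefold():
        return "other-person", url
    return "self-identifier", path[:m.start(2)] + alias + path[m.end(2):] + sep + query

def audit(urls, current_user):
    """Return (original, fixed) pairs for requests exposing the user's id."""
    pairs = ((u, audit_url(u, current_user)) for u in urls)
    return [(u, fixed) for u, (verdict, fixed) in pairs if verdict == "self-identifier"]

BASE = "/alfresco/api/default/public/alfresco/versions/1/people/"
QUERY = "/favorites?where=(EXISTS(target/file))&maxItems=50&skipCount=0"
SAMPLE = [  # constructed traffic; the first two are the URLs from the issue
    BASE + "myemail@example.com" + QUERY,
    BASE + "me" + QUERY,
    BASE + "myemail%40example.com/sites",      # constructed
    BASE + "colleague@example.com/favorites",  # constructed
]

if __name__ == "__main__":
    for original, fixed in audit(SAMPLE, "myemail@example.com"):
        print("exposes identifier:", original, "\n  use instead:", fixed)
```

Requests that address a different person are reported as `other-person` and left unchanged, since the alias only stands in for the authenticated user.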

            People

            • Assignee:
              mobileteam Mobile Team Unassigned
              Reporter:
              idwright Ian Wright