Currently, front-end 'security' is only for cosmetic purposes: a user who logs in sees only those modules they are permitted to see.
A user will be required to log in:
- Before each use (don't save login between sessions)
- After a set amount of time, such as 4 hours
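The two login rules above, as an added example that is not part of the original page or its code base: sessions are issued only after a successful password check, the cookie is a browser-session cookie (no Max-Age/Expires, so nothing survives a browser restart), and an absolute 4-hour lifetime forces a fresh login. The class name, store layout and cookie name are assumptions.

```python
import hmac
import secrets
import time

# Assumed policy value taken from the requirement above: 4 hours, absolute.
SESSION_LIFETIME_SECONDS = 4 * 60 * 60


class SessionStore:
    """Server-side store of opaque session tokens and their issue time (hypothetical)."""

    def __init__(self, lifetime=SESSION_LIFETIME_SECONDS, clock=time.time):
        self._lifetime = lifetime
        self._clock = clock          # injected so expiry can be tested deterministically
        self._sessions = {}          # token -> (username, issued_at)

    def issue(self, username):
        """Create a fresh, unguessable token; call only after the password check passed."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (username, self._clock())
        return token

    def cookie_header(self, token):
        # Deliberately no Max-Age / Expires: the browser discards a session cookie
        # when it closes, so the user must log in again before each use.
        return f"Set-Cookie: session={token}; Secure; HttpOnly; SameSite=Strict; Path=/"

    def validate(self, token):
        """Return the username for a live session, or None if the user must log in again."""
        for known, (username, issued_at) in self._sessions.items():
            # Constant-time comparison so token lookup does not leak prefix matches.
            if hmac.compare_digest(known.encode(), token.encode()):
                if self._clock() - issued_at > self._lifetime:
                    del self._sessions[known]   # absolute timeout reached: re-authenticate
                    return None
                return username
        return None

    def logout(self, token):
        """Explicit logout drops the server-side record regardless of age."""
        self._sessions.pop(token, None)
```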
Currently, we use basic authentication as a placeholder.
Our requirements for authentication + communication are:
- Users are only able to log in with correct user/password
- Communication is encrypted between client and server
- Not vulnerable to man-in-the-middle attacks or a spoofed server
Our options for authentication in v1.0:
- OAuth + SSL
- 2-way SSL
- other authentication options
Log in Process