Re: [Specifications] Retracting operations (#246)

> On second thought, auth-specific operations would ideally be served dynamically in the API Documentation. Nowhere in the spec does it say that it is a static resource. Once logged in, the documentation would then be expanded with the additional operations a client is allowed to invoke.

I thought about something similar for access control, to hide operations available only for admins. From a security perspective it makes sense, because the attackers don't know exactly what they get when they manage to hack the system, so they might be less motivated because of this.

-- 
GitHub Notification of comment by inf3rno
Please view or discuss this issue at https://github.com/HydraCG/Specifications/pull/246#issuecomment-1373917487 using your GitHub account

Received on Friday, 6 January 2023 17:22:17 UTC