is it safe to enable api access for all users ? What are the repercussions for doing so?
What happens if a user gets hacked? A hacker may use the API aswell.
The least permissions you give, the better.
Yes it is save to enable the current settings for all users
The only have limited functions available.
and
And only listed to their own account.
API access the users get are extremely limited and almost “needed” for optimal run of fastcgi cache
Even if I give you my Access/Key combination for a user you can’t do a lot: For example:
purge-nginx-cache permissions only give you to list the users web domains and purge the cache
The old api only remains for admin user only or with the generated api key (root user only)
Thank you for clarifying. Keep up the good work
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.