- 25 Apr, 2017 1 commit
Committed by Timothy Andrew on
- To prevent an attacker from enumerating the `/users` API to get a list of all the admins.
- Display the `is_admin?` flag wherever we display the `private_token` - at the moment, there are two instances:
  - When an admin uses `sudo` to view the `/user` endpoint
  - When logging in using the `/session` endpoint
- 27 Mar, 2017 1 commit
Committed by George Andrinopoulos on
- 22 Feb, 2017 1 commit
Committed by Robert Schilling on
- 20 Feb, 2017 1 commit
Committed by Robert Schilling on
- 17 Feb, 2017 1 commit
Committed by Robert Schilling on