I am using the REST service of Kentico CMS version 6, and I access this service over the internet from an Android app. The problem is that this service must have the global administrator permission for a service user. So if anyone can hack the Android app and get the username and password, he will easily access all documents and objects, and CMS Site Manager does not give me more options for each object and document, while I need this user to have read-only access to the cms.user object only, without delete, via the REST service.
Has anyone solved this issue?
Have you checked out the REST authentication documentation? In there you can restrict which doc types and objects the REST service can access. If you leave the boxes empty, ALL items are assumed. Best to specify values. Also, if you check READ ONLY, there will be no delete access. I understand you can't set permissions for each object there, but you can set them per role or user outside of the REST settings.
Thank you for your reply.
Now I am using the authentication hash to authenticate the URLs, but it requires authentication when I use the PUT and POST methods.
Please advise on the below.