- 04 May, 2017 1 commit
-
-
Valery Sizov authored
-
- 25 Apr, 2017 1 commit
-
-
Timothy Andrew authored
- To prevent an attacker from enumerating the `/users` API to get a list of all the admins. - Display the `is_admin?` flag wherever we display the `private_token` - at the moment, there are two instances: - When an admin uses `sudo` to view the `/user` endpoint - When logging in using the `/session` endpoint
-
- 06 Mar, 2017 2 commits
-
-
Adam Niedzielski authored
-
Adam Niedzielski authored
-