Dataview Security

Authentication and Authorization Concerns

Dataview's early development efforts were focused on requiring authentication for all requests. Implementation of this requirement is straightforward as django provides a mechanism for requiring authentication for all requests. Future releases of dataview will expand on Authorization: first at a role level and finally at an object based level.

Security Team: Call to review

Generalized Concerns

• Certificate Pinning (what aspects of the certificate are pinned when using the requests library)

Internal Components

Third Party Components

• Django Guardian
• Django Rest Framework