Web accessible mappings and security

Hi everybody,

I just wanted to point out that by default, any mapping created in the
admin is web accessible. It might be immediately obvious to most (not to
me, I only just thought of this), that this is a possible security issue
for your application since it bypasses all security measures at the front

You can uncheck this option, but only after the mapping is created. It’s
easy enough to forget to do this.


I always thought this was odd. It’s a useful feature but as you say, it exposes things by default that, by default you usually don’t want exposed.

Might be worth raising an issue so that the TAG can discuss it.


Mark Drew