Make sure every route is login.required and allow FAS authorization
Given the nature of this application, the auth needs to be very strong. No, every single page here needs auth from a -main person "that depends" is mostly whether auth gets handled by the application or by httpd
Log in to comment on this ticket.