Security

Server AccessToken

The Data+ Server is only accessible for extensions providing the same AccessToken. This may be configured to prevent unauthorized access.

WARNING

If your server is publicly reachable, you should change the AccessToken and create an entry in the Allowed Hostname list

Allowed hostnames v1.11.0+

By default all connections to the Data+ Server are allowed (still checking for the AccessToken though). Once any hostname has been set, every connection not originating in the Allowed hostname list will be denied.
A hostname is only the server name, no protocol or port required.

Allowed IPs v1.12.0+

Similiar to the Allowed hostname list, if any IP is set no other connection will be allowed. * can be used as a wildcard.
It is possible to differentiate the type of the allowed IP between basic extension and administration usage. This allows to enable all extension connections by creating an entry with * and extension enabled. And allow admin usage for IPs from the local network, e.g. 192.168.*.