Just a few questions about new security features of EventStore. I couldn’t find answers to them in Security doc.
Basically I’m setting up an EventStore server in Windows Azure and wanted to make it available to a few other azure virtual machines in different subscriptions based on user/pass credentials. Ideally some credentials would have really limited access to some streams.
- How do we secure Web UI (2113)? Currently I can connect to this UI and stop server or view information.
- How do we prevent unauthorised users from creating streams over TCP? Currently I can connect as non-authenticated user and create a random stream (and start appending to it)?