Continuent Tungsten Dashboard has the following security limitations:
THERE IS NO API SECURITY in versions less than v7.0.0 - If you enable the API on the Manager, anyone may connect to it. Use your firewall to block port 8090 from non-essential hosts.
SSL (https) is not supported on the Manager API endpoint in versions less than v7.0.0
Please use Apache Basic Auth to lock down access to the Tungsten Dashboard GUI.
SSL (https) configuration for the Tungsten Dashboard is possible, but is beyond the scope of this document.
Locking only works on a single web server host, so if you have installed the Tungsten Dashboard on more than one host, the lock is not shared and is therefore ineffective.