Continuent Tungsten Dashboard has the following security limitations:
THERE IS NO API SECURITY YET - If you enable the API on the Manager, anyone may connect to it. Use your firewall to block port 8090 from non-essential hosts.
SSL (https) is not yet supported on the Manager API endpoints.
Please use Apache Basic Auth to lock down access to the Tungsten Dashboard GUI.
SSL (https) configuration for the Tungsten Dashboard is possible, but is beyond the scope of this document.
Locking only works on a single web server host, so if you have installed the Tungsten Dashboard on more than one host, the lock is not shared and is therefore ineffective.