So, I don't currently use any local hub security. You can just open the GUI page from a local connection, no security required.
Since I've recently discovered the existence of endpoints where a browser merely has to browse to a particular address where administrative actions can be commanded without having to push any buttons. Are these endpoints secured by password if I enable local login security?
Speaking from HPM's viewpoint, the vast majority of what HPM does is use endpoints that provide a programatic interface to the button clicks. All of HPM's actions are prefaced with login logic.
A simple snippet from HPM:
def performUpdates(runInBackground) {
def resultData = [success: null, succeeded: [], failed: [], message: null]
if (!login()) {
resultData.message = triggerError("Error logging in to hub", "An error occurred logging into the hub. Please verify your Hub Security username and password.", runInBackground)
resultData.success = false
return resultData
}
That "if (!login()) {" is where it's checked. "login()" is called and if successful (no login credentials required OR the ones that have been entered are valid) then TRUE is returned and !login() = false and the following code is skipped and the Updates (in this example) proceed.