Secure Sync Gateway Admin Interface
So one can secure the Sync REST APIs but how do I secure the Admin REST APIs?
Sync REST APIs are managed by the client where clients have logins but the Admin REST API must also be protected.
There really needs to be some form of authentication on this interface.
Allowing anyone with local access (legit or otherwise) to execute user/server management commands to an unauthenticated open local port creates unnecessary exposure.