Security should have its own configuration file
Currently all security related options are configured in the FLOW3.yaml configuration file. As this configuration will become more extensive in the future and justifies its own class, we should introduce setting files called "Security.yaml" and move all security related options to them.
#2 Updated by Robert Lemke over 10 years ago
Instead of moving all security related options to a Security.yaml file we should only externalize the policy section to a file called SecurityPolicies.yaml. The other options are comprehensive settings covering the whole security framework and therefore still belong to the FLOW3 Settings.yaml file.