A customer raised some questions about security when developing using Screens.
They are a bit scared about opening service invocation to the public world. While this is understandable, they also have to understand that to use something, they need to expose that something. This has been conveyed to the customer.
However, we could help to make the system a little bit more secure by adding information about the services each screenlet uses. This way, customer can restrict access to the very minimum (through portal configuration properties json.web.service.*).
Would it be possible to add information about what services and methods are invoked by each screenlet?