Currently ecflow use a white list file functionality, to control who has access to the server. (see ecFlow White list file).
In a closed system, this provides reasonable security, however, ecFlow is an open-source product and it would be easy possible for a malicious person to pose as another user to gain access to the server.
...
In ecflow 4.X.X user command(i.e. suspend,resume, etc) recorded the user name(UID). Hence it was easy to see who was issuing the commands. i.e. In the log file , and node log in the GUI.
This has now been beefed up to also record the machine/hostname hostname from where the user command was issued.
...