View Issue Details

ID: 0003686
Project: Composr
Category: core
View Status: public
Last Update: 2019-07-12 21:21
Reporter: Chris Graham
Assigned To: Patrick Schmalstig
Status: assigned
Resolution: open
Product Version:
Fixed in Version:
Summary: 0003686: More configurability of IP address session locking

Description:
Rather than having a global option about how sessions are restricted to IP address, make it configurable based on usergroup.

Possibilities (in decreasing order of security):
1) Check full IP
2) Check without last octet
3) Check same subnet
4) No check

A session would be restricted based on the highest security usergroup of the user behind that session.
Additional Information:
The problem is some users may be on CGNAT, or TOR, and have wild IP addresses. My view is that we can accept this for non-admins, but for admins we should by default give them extra security (which isn't perfect, but something).

Twitter thread:
Tags: Roadmap: v11
Time estimation (hours): 4
Sponsorship open: 0


There are no notes attached to this issue.
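
One way the per-usergroup check requested above could work, as an added example that is not Composr code and not part of the original issue: each usergroup carries one of the four options, and a session is checked against the strictest option among its user's groups. Assumptions: the prefix lengths behind "without last octet" and "same subnet" (the issue defines neither), the usergroup names, and the choice to fail closed for unknown groups and unparseable addresses.

```python
import ipaddress
from enum import IntEnum

class IPLock(IntEnum):
    """The issue's four options; a higher value is a stricter check."""
    NONE = 0
    SAME_SUBNET = 1
    WITHOUT_LAST_OCTET = 2
    FULL_IP = 3

# ASSUMPTION: (IPv4, IPv6) prefix lengths per level; the issue defines none.
PREFIXES = {
    IPLock.FULL_IP: (32, 128),
    IPLock.WITHOUT_LAST_OCTET: (24, 64),
    IPLock.SAME_SUBNET: (16, 48),
}
# Hypothetical usergroup names and settings, for illustration only.
GROUP_POLICY = {
    "admins": IPLock.FULL_IP,
    "staff": IPLock.WITHOUT_LAST_OCTET,
    "partners": IPLock.SAME_SUBNET,
    "members": IPLock.NONE,
}
DEFAULT_POLICY = IPLock.FULL_IP  # unknown or missing usergroup fails closed

def effective_policy(usergroups):
    """Strictest policy among all usergroups the session's user belongs to."""
    return max((GROUP_POLICY.get(g, DEFAULT_POLICY) for g in usergroups),
               default=DEFAULT_POLICY)

def _canonical(ip):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr

def session_ip_ok(bound_ip, current_ip, usergroups):
    """True if current_ip may keep using a session first bound to bound_ip."""
    policy = effective_policy(usergroups)
    if policy == IPLock.NONE:
        return True
    try:
        bound, current = _canonical(bound_ip), _canonical(current_ip)
    except ValueError:
        return False  # unparseable address: reject rather than skip the check
    if bound.version != current.version:
        return False
    prefix = PREFIXES[policy][0 if bound.version == 4 else 1]
    return current in ipaddress.ip_network(f"{bound}/{prefix}", strict=False)
```

A failed check would normally invalidate the session and force re-authentication rather than only denying the single request.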

Issue History

Date Modified | Username | Field | Change
2018-09-25 18:55 | Chris Graham | New Issue |
2019-06-27 19:03 | Chris Graham | Tag Attached: Roadmap: v11 |
2019-07-12 21:21 | Chris Graham | Assigned To | => Patrick Schmalstig
2019-07-12 21:21 | Chris Graham | Status | non-assigned => assigned