View Issue Details

ID: 0003686
Project: Composr
Category: core
View Status: public
Last Update: 2019-07-12 21:21
Reporter: Chris Graham
Assigned To: Patrick Schmalstig
Priority: normal
Severity: feature
Reproducibility: N/A
Status: assigned
Resolution: open
Product Version:
Target Version:
Fixed in Version:
Summary: 0003686: More configurability of IP address session locking
Description: Rather than having a global option about how sessions are restricted to IP address, make it configurable based on usergroup.

Possibilities (in decreasing order of security):
1) Check full IP
2) Check without last octet
3) Check same subnet
4) No check

A session would be restricted based on the highest security usergroup of the user behind that session.
Additional Information: The problem is some users may be on CGNAT, or TOR, and have wild IP addresses. My view is that we can accept this for non-admins, but for admins we should by default give them extra security (which isn't perfect, but something).

Twitter thread: https://twitter.com/occhris/status/1042493166425960448
Tags: Roadmap: v11
Time estimation (hours): 4
Sponsorship open: 0
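
The four locking levels and the "highest security usergroup wins" rule from the description, as an added Python example that is not Composr code. The usergroup names, the /16 reading of "same subnet", the IPv6 prefix lengths, and the fail-closed default for unknown groups are assumptions, since the issue does not specify them.

```python
import ipaddress
from enum import IntEnum

class Lock(IntEnum):          # higher value = stricter, so max() picks the strictest
    NONE = 0                  # 4) No check
    SUBNET = 1                # 3) Check same subnet
    NO_LAST_OCTET = 2         # 2) Check without last octet
    FULL = 3                  # 1) Check full IP

# Assumed (IPv4, IPv6) prefix lengths; the issue defines neither "subnet" nor IPv6 handling.
PREFIX = {Lock.SUBNET: (16, 48), Lock.NO_LAST_OCTET: (24, 64), Lock.FULL: (32, 128)}

# Hypothetical per-usergroup policy; group names are constructed for this example.
GROUP_POLICY = {"admins": Lock.FULL, "staff": Lock.NO_LAST_OCTET,
                "members": Lock.SUBNET, "guests": Lock.NONE}
DEFAULT_LOCK = Lock.FULL      # assumption: unknown or missing groups fail closed

def effective_lock(groups):
    """Strictest level among the user's usergroups."""
    return max((GROUP_POLICY.get(g, DEFAULT_LOCK) for g in groups), default=DEFAULT_LOCK)

def _normalise(ip):
    addr = ipaddress.ip_address(ip)
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as IPv4 so a dual-stack front end
    # does not make the same client look like a different address family.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def session_ip_ok(groups, bound_ip, current_ip):
    """True if current_ip may continue a session that was bound to bound_ip."""
    lock = effective_lock(groups)
    if lock == Lock.NONE:
        return True
    try:
        bound, cur = _normalise(bound_ip), _normalise(current_ip)
    except ValueError:
        return False          # unparseable address: reject rather than skip the check
    if bound.version != cur.version:
        return False
    bits = PREFIX[lock][0 if bound.version == 4 else 1]
    return cur in ipaddress.ip_network(f"{bound}/{bits}", strict=False)
```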

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-09-25 18:55 Chris Graham New Issue
2019-06-27 19:03 Chris Graham Tag Attached: Roadmap: v11
2019-07-12 21:21 Chris Graham Assigned To => Patrick Schmalstig
2019-07-12 21:21 Chris Graham Status non-assigned => assigned