Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

introduce $allowedIpConfiguration #902

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

thyseus
Copy link
Contributor

@thyseus thyseus commented Mar 30, 2017

Ip configuration that determines if an administrator can log in.
Defaults to null which means that no ip check is being performed.

Q A
Is bugfix? no
New feature? yes
Breaks BC? no

Ip configuration that determines if an administrator can log in.
Defaults to null which means that no ip check is being performed.
@thyseus thyseus force-pushed the allowed-ips-for-administrator branch from 0fc6e2f to 3bd0809 Compare March 30, 2017 15:00
@SamMousa
Copy link
Contributor

This would deny admins to login from unknown IPs, but not normal users.
Would it not make more sense to just NOT give them admin permissions instead?

@thyseus
Copy link
Contributor Author

thyseus commented May 23, 2017

This is an security improvement headed towards administrator users. But you are right, i am thinking about an even more flexible solution: a column allowed_ips in the user table so that users can be restricted to ip range(s) very flexibly. What do you think?

@thiagotalma
Copy link
Member

We need more opinions about this change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants