Opened 8 years ago

Closed 7 years ago

Last modified 7 years ago

#1034 closed defect (duplicate)

sessionauth authentication service must check for IP

Reported by: rambo Owned by: tepehe
Priority: blocker Milestone:
Component: MidCOM core Version: 9.03 Vinland
Keywords: Cc:

Description

to prevent session hijacking, it must be possible to disable this check via configuration for cases where admins do not care about session hijacks.

An added bonus would be if the IP check could be disabled separately for admin and user accounts, so normal users could be open to hijacking (or to put it another way: have their long sessions on mobile devices "just work") but admins would not.
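A sketch of the behaviour requested above, as an added example that is not part of the ticket and not MidCOM's sessionauth code: a session is bound to the address it was created from, and the check can be switched off separately for admin and user accounts. The config keys `ip_check_admin` and `ip_check_user`, the session record layout and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical config keys (not MidCOM's): IP binding toggled per account class.
const DEFAULT_CONFIG = [
    'ip_check_admin' => true,
    'ip_check_user'  => true,
];

/** Normalise a textual IPv4/IPv6 address to packed bytes, or null if invalid. */
function packed_ip(string $addr): ?string
{
    $packed = @inet_pton($addr);
    return $packed === false ? null : $packed;
}

/**
 * Decide whether a stored session may be used from $remoteAddr.
 * $session is a constructed record: ['client_ip' => string, 'is_admin' => bool].
 * $remoteAddr should be the TCP peer address (REMOTE_ADDR), not a
 * client-supplied header such as X-Forwarded-For.
 */
function session_ip_ok(array $session, string $remoteAddr, array $config = DEFAULT_CONFIG): bool
{
    $key = !empty($session['is_admin']) ? 'ip_check_admin' : 'ip_check_user';
    // A missing key leaves the check enabled (fail closed).
    if (($config[$key] ?? true) === false) {
        return true;
    }
    $bound   = packed_ip((string) ($session['client_ip'] ?? ''));
    $current = packed_ip($remoteAddr);
    if ($bound === null || $current === null) {
        return false; // an unparsable address never matches
    }
    // Comparing packed bytes treats different spellings of one IPv6 address as equal.
    return hash_equals($bound, $current);
}

// Constructed sample data: admins stay bound to their IP, users do not.
$config = ['ip_check_admin' => true, 'ip_check_user' => false];
$admin  = ['client_ip' => '2001:db8::1', 'is_admin' => true];
$user   = ['client_ip' => '192.0.2.10',  'is_admin' => false];

var_dump(session_ip_ok($admin, '2001:0db8:0:0:0:0:0:1', $config)); // same address, longer spelling
var_dump(session_ip_ok($admin, '198.51.100.7', $config));          // admin session from another address
var_dump(session_ip_ok($user,  '198.51.100.7', $config));          // user session from another address
```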

Change History (7)

comment:1 Changed 8 years ago by rambo

  • Component changed from Midgard Core to MidCOM core
  • Owner changed from piotras to bergie

comment:2 Changed 8 years ago by bergie

  • Milestone changed from 9.03 Vinland to 9.03.1 Vinland

comment:3 Changed 8 years ago by bergie

  • Owner changed from bergie to tepehe

comment:4 Changed 8 years ago by bergie

  • Milestone changed from 9.03.1 Vinland to 9.09 Mjolnir

comment:5 Changed 8 years ago by bergie

  • Milestone changed from 9.09 Mjolnir to 10.03 Ratatoskr
  • Priority changed from major to blocker

comment:6 Changed 7 years ago by bergie

  • Resolution set to duplicate
  • Status changed from new to closed

comment:7 Changed 7 years ago by anonymous

  • Milestone 10.05.1 Ratatoskr deleted
