Feature #3727: Security: Session Hijacking erschweren - QFQ - Project @ iMath

Feature #3727

Security: Session Hijacking erschweren

Added by Carsten Rose over 3 years ago. Updated 10 months ago.

Status:

New

Priority:

High

Assignee:

Target version:

Start date:

13.05.2017

Due date:

% Done:

0%

Estimated time:

Discuss:

Description

Problem 1: durch '[FE][lockIP] = 0' wird der Schutz gegen Session Hijacking fuer FE-User verringert.
Problem 2: in QFQ ist kein 'Session Hijacking' based on changed IP detection implementiert.

Beides koennte leicht implementiert werden:

Zu 1)
- Entweder eine Extension schreiben die gewisse IPs immer zulaesst (z.B. die lokalen IPs) - es gab entsrpechende Extensions.
- Oder in QFQ diesen Check implementieren (z.B. in dem sich QFQ beendet, sollte der aktuelle FE User einer FE Gruppe angehoeren)

Zu 2) implementieren. Am besten aehnlich konfiguriert wird '[FE][lockIP]'

#1

Updated by Carsten Rose about 3 years ago

Target version set to next4

#2

Updated by Carsten Rose over 2 years ago

Target version changed from next4 to 18.10.3

#3

Updated by Carsten Rose over 2 years ago

Assignee changed from Carsten Rose to Elias Villiger

#4

Updated by Elias Villiger over 2 years ago

Assignee changed from Elias Villiger to Carsten Rose

#5

Updated by Carsten Rose about 2 years ago

Target version changed from 18.10.3 to 18.12.1

#6

Updated by Carsten Rose almost 2 years ago

Target version changed from 18.12.1 to 141

#7

Updated by Carsten Rose over 1 year ago

Target version changed from 141 to QFQCD19 - waere gut

#8

Updated by Carsten Rose 12 months ago

Status changed from New to Some day maybe

#9

Updated by Carsten Rose 12 months ago

Status changed from Some day maybe to New

#10

Updated by Carsten Rose 10 months ago

Target version changed from QFQCD19 - waere gut to 20.12.0

Also available in: Atom PDF