Project

General

Profile

Actions

Feature #3727

open

Security: Session Hijacking erschweren

Added by Carsten Rose over 5 years ago. Updated about 1 month ago.

Status:
New
Priority:
High
Assignee:
Carsten Rose
Target version:
Start date:
13.05.2017
Due date:
% Done:

0%

Estimated time:
Discuss:
Prio Planung:

Description

  1. Problem 1: durch '[FE][lockIP] = 0' wird der Schutz gegen Session Hijacking fuer FE-User verringert.
  2. Problem 2: in QFQ ist kein 'Session Hijacking' based on changed IP detection implementiert.
Beides koennte leicht implementiert werden:
  • Zu 1)
    • Entweder eine Extension schreiben die gewisse IPs immer zulaesst (z.B. die lokalen IPs) - es gab entsrpechende Extensions.
    • Oder in QFQ diesen Check implementieren (z.B. in dem sich QFQ beendet, sollte der aktuelle FE User einer FE Gruppe angehoeren)
  • Zu 2) implementieren. Am besten aehnlich konfiguriert wird '[FE][lockIP]'
Actions #1

Updated by Carsten Rose about 5 years ago

  • Target version set to next9
Actions #2

Updated by Carsten Rose over 4 years ago

  • Target version changed from next9 to 18.10.3
Actions #3

Updated by Carsten Rose over 4 years ago

  • Assignee changed from Carsten Rose to Elias Villiger
Actions #4

Updated by Elias Villiger over 4 years ago

  • Assignee changed from Elias Villiger to Carsten Rose
Actions #5

Updated by Carsten Rose about 4 years ago

  • Target version changed from 18.10.3 to 18.12.1
Actions #6

Updated by Carsten Rose almost 4 years ago

  • Target version changed from 18.12.1 to 141
Actions #7

Updated by Carsten Rose over 3 years ago

  • Target version changed from 141 to QFQCD19 - waere gut
Actions #8

Updated by Carsten Rose almost 3 years ago

  • Status changed from New to Some day maybe
Actions #9

Updated by Carsten Rose almost 3 years ago

  • Status changed from Some day maybe to New
Actions #10

Updated by Carsten Rose almost 3 years ago

  • Target version changed from QFQCD19 - waere gut to next6
Actions #11

Updated by Carsten Rose over 1 year ago

  • Target version changed from next6 to next4
Actions #12

Updated by Carsten Rose about 1 month ago

  • Target version changed from next4 to high
Actions

Also available in: Atom PDF