Feature #3727
Security: Session Hijacking erschweren
Start date:
13.05.2017
Due date:
% Done:
0%
Estimated time:
Discuss:
Description
- Problem 1: durch '[FE][lockIP] = 0' wird der Schutz gegen Session Hijacking fuer FE-User verringert.
- Problem 2: in QFQ ist kein 'Session Hijacking' based on changed IP detection implementiert.
- Zu 1)
- Entweder eine Extension schreiben die gewisse IPs immer zulaesst (z.B. die lokalen IPs) - es gab entsrpechende Extensions.
- Oder in QFQ diesen Check implementieren (z.B. in dem sich QFQ beendet, sollte der aktuelle FE User einer FE Gruppe angehoeren)
- Zu 2) implementieren. Am besten aehnlich konfiguriert wird '[FE][lockIP]'
History
#1
Updated by Carsten Rose about 3 years ago
Updated by - Target version set to next4
#2
Updated by Carsten Rose over 2 years ago
- Target version changed from next4 to 18.10.3
#3
Updated by Carsten Rose about 2 years ago
- Assignee changed from Carsten Rose to Elias Villiger
#4
Updated by Elias Villiger about 2 years ago
Updated by - Assignee changed from Elias Villiger to Carsten Rose
#5
Updated by Carsten Rose almost 2 years ago
- Target version changed from 18.10.3 to 18.12.1
#6
Updated by Carsten Rose almost 2 years ago
- Target version changed from 18.12.1 to 141
#7
Updated by Carsten Rose over 1 year ago
- Target version changed from 141 to QFQCD19 - waere gut
#8
Updated by Carsten Rose 9 months ago
- Status changed from New to Some day maybe
#9
Updated by Carsten Rose 9 months ago
- Status changed from Some day maybe to New
#10
Updated by Carsten Rose 8 months ago
- Target version changed from QFQCD19 - waere gut to 20.10.1