[Davical-general] Problems of access rights

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Davical-general] Problems of access rights

pcouderc
Are there news of https://gitlab.com/davical-project/davical/issues/59 ?

It is very critical  that any user can have administrator access to all
resources.



------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problems of access rights

Florian Schlichting-2
Hi Pierre,

On Fri, Apr 15, 2016 at 09:48:34AM +0200, Pierre Couderc wrote:
> Are there news of https://gitlab.com/davical-project/davical/issues/59 ?
>
> It is very critical  that any user can have administrator access to all
> resources.

I am not aware of anybody working on this right now, so no.

But rest assured that while any user can know about the existence
of any collection on the server, that doesn't mean they have the
authority to change or view the contents of those collections.

If you are bothered by the ability to list principals and collections,
you could have the web server restrict access to index.php/admin.php to
"real" administrators (who would then have to carry out the
administrative tasks for their users, though).

Florian


------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problems of access rights

Andrew McMillan-2
If this is an issue for you then you can mitigate this issue by
restricting the DAViCal admin interface to only be available on a
particular IP address.

Cheers,
Andrew.

On Fri, 2016-04-15 at 16:49 +0200, Florian Schlichting wrote:

> Hi Pierre,
>
> On Fri, Apr 15, 2016 at 09:48:34AM +0200, Pierre Couderc wrote:
> >
> > Are there news of https://gitlab.com/davical-project/davical/issues
> > /59 ?
> >
> > It is very critical  that any user can have administrator access to
> > all 
> > resources.
> I am not aware of anybody working on this right now, so no.
>
> But rest assured that while any user can know about the existence
> of any collection on the server, that doesn't mean they have the
> authority to change or view the contents of those collections.
>
> If you are bothered by the ability to list principals and
> collections,
> you could have the web server restrict access to index.php/admin.php
> to
> "real" administrators (who would then have to carry out the
> administrative tasks for their users, though).
>
> Florian
>
>
> -------------------------------------------------------------------
> -----------
> Find and fix application performance issues faster with Applications
> Manager
> Applications Manager provides deep performance insights into multiple
> tiers of
> your business applications. It resolves application problems quickly
> and
> reduces your MTTR. Get your free trial!
> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
> _______________________________________________
> Davical-general mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/davical-general
--
------------------------------------------------------------------------
https://google.com/+AndrewMcMillan                      Dublin, Ireland
                                                     +353 (87) 372 7098

Writing is turning one's worst moments into money.
                -- J.P. Donleavy
------------------------------------------------------------------------


------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general
Loading...