View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 2836 | Composr | core | public | 2016-09-20 18:29 | 2016-10-11 20:33 |
| Reporter | Chris Graham | Assigned To | Chris Graham | ||
| Priority | normal | Severity | feature | ||
| Status | resolved | Resolution | fixed | ||
| Summary | 2836: 2-factor authentication for maintenance scripts | ||||
| Description | If: a) 2-factor authentication (IP verify by email) has been turned on for any administrator group b) a new config option called something like "Auto-maintained 2-factor authentication for maintenance scripts" is enabled c) .htaccess is writable (If 'c' is not true then the 'b' option doesn't appear in the UI) Then whenever an IP verify is done by an administrator the .htaccess is updated to only allow access by that administrator, and other administor-verified-IPs to the maintenance scripts. The tut_security tutorial would need updating to reference this option, as currently it just shows manual code to add. | ||||
| Tags | Type: Security | ||||
| Attach Tags | |||||
| Time estimation (hours) | 3 | ||||
| Sponsorship open | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2016-09-20 18:29 | Chris Graham | New Issue | |
| 2016-09-20 18:29 | Chris Graham | Tag Attached: Type: Security | |
| 2016-10-04 21:43 | Chris Graham | Note Added: 0004369 | |
| 2016-10-11 20:33 | Chris Graham | Status | Not Assigned => Resolved |
| 2016-10-11 20:33 | Chris Graham | Resolution | open => fixed |
| 2016-10-11 20:33 | Chris Graham | Assigned To | => Chris Graham |
