Propose new features
Designing Decidim together
Impersonate user session ending gains admin access
The impersonate user session is being used in the towns that we know to provide manual verification at a physical location to a user. A town official will enter the person's details into the impersonation form and then give the computer to the person.

This works fine but one potential security issue it brings up is that when the session is ended from the top bar, the current user will gain back the rights to the impersonator's user account. This would be a problem if the impersonator is not closely following what the user is doing on the computer. Many times they are closely following or even assisting the user because these types of users generally have some issues working with the digital systems.

I would suggest that after the impersonation session is ended, the user would be asked to enter their password again. This would make it impossible for the impersonation user to gain access to or see something they should not have access to.

I wasn't sure if this is on purpose working as it works now, so I decided to post this as a feature proposal. However, this could potentially lead to some problems when there is a higher number of people.
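The re-authentication step proposed above, sketched in plain Ruby as an added example (it is not Decidim's code and not part of the original proposal). The class name, its states, the `verify_password` callable and the three-attempt limit are all assumptions made for illustration.

```ruby
# Added illustration: ending impersonation locks the session instead of
# handing the admin's rights back to whoever is at the keyboard.
# All names here are hypothetical, not Decidim's API.
class KioskSession
  MAX_ATTEMPTS = 3 # assumed limit before the admin is signed out entirely

  attr_reader :state, :acting_as

  # verify_password: callable(admin_id, password) -> true/false,
  # a stand-in for the application's real credential check.
  def initialize(admin_id, verify_password)
    @admin_id = admin_id
    @verify_password = verify_password
    @state = :admin
    @acting_as = nil
    @failed = 0
  end

  def start_impersonation(user_id)
    raise "admin session required" unless @state == :admin
    @acting_as = user_id
    @state = :impersonating
  end

  # "End session" in the top bar: drop the impersonated identity and lock.
  def end_impersonation
    raise "not impersonating" unless @state == :impersonating
    @acting_as = nil
    @state = :locked
  end

  # Admin rights return only after the admin's password is entered again.
  def unlock(password)
    raise "session is not locked" unless @state == :locked
    if @verify_password.call(@admin_id, password)
      @failed = 0
      @state = :admin
    else
      @failed += 1
      @state = :signed_out if @failed >= MAX_ATTEMPTS
    end
    @state
  end

  # Coarse permission check: a locked or signed-out session can do nothing.
  def can?(action)
    return true if @state == :admin
    @state == :impersonating && action == :participate
  end
end
```
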