
Propose new functionalities for Decidim software

#DecidimRoadmap Designing Decidim together


Impersonate user session ending gains admin access

Antti Hukkanen
20/09/2019 09:44

The impersonate user session is being used in the towns that we know to provide manual verification at a physical location to a user. A town official will enter the person's details into the impersonation form and then give the computer to the person.

This works fine, but one potential security issue it brings up is that when the session is ended from the top bar, the current user will gain back the rights to the impersonator's user account. This would be a problem if the impersonator is not closely following what the user is doing on the computer. Many times they are closely following or even assisting the user because these types of users generally have some issues working with digital systems.

I would suggest that after the impersonation session is ended, the user would be asked to enter their password again. This would make it impossible for the impersonation user to gain access to or see something they should not have access to.

I wasn't sure if it works the way it does now on purpose, so I decided to post this as a feature proposal. However, this could potentially lead to some problems when there is a higher number of people.


Reference: MDC-PROP-2019-09-14797
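
An added example, not part of the original proposal and not Decidim's code: a small Ruby model of the session on the shared computer, showing the current behaviour (ending impersonation returns to the official's account) next to the proposed one (the session locks until the official's password is entered again). The class, its method names and the `reauth_on_end` switch are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Hypothetical model of the browser session on the shared computer; the class
# and method names are assumptions, not Decidim's API.
class ImpersonationSession
  attr_reader :state # :admin, :impersonating or :locked

  def initialize(admin_password, reauth_on_end:)
    @salt = SecureRandom.bytes(16)
    @digest = derive(admin_password)
    @reauth_on_end = reauth_on_end
    @state = :admin
  end

  def impersonate(user_name)
    raise "admin rights required" unless @state == :admin
    @impersonated = user_name
    @state = :impersonating
  end

  # The "end session" action in the top bar, reachable by whoever holds the computer.
  def end_impersonation
    raise "no impersonation active" unless @state == :impersonating
    @impersonated = nil
    # Current: straight back to the official's account. Proposed: lock first.
    @state = @reauth_on_end ? :locked : :admin
  end

  def reauthenticate(password)
    return false unless @state == :locked
    # XOR-accumulate so the comparison does not stop at the first differing byte.
    diff = derive(password).bytes.zip(@digest.bytes).sum { |a, b| a ^ b }
    @state = :admin if diff.zero?
    admin_rights?
  end

  def admin_rights?
    @state == :admin
  end

  private

  def derive(password)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: @salt, iterations: 100_000,
                             length: 32, hash: "sha256")
  end
end
```

With `reauth_on_end: false` the person at the keyboard holds the official's rights as soon as the impersonation ends; with `reauth_on_end: true` they hold none until `reauthenticate` succeeds.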