
Propose new features

#DecidimRoadmap Designing Decidim together

Phase 1 of 1
Open 01-01-2019 - 31-12-2030

Impersonate user session ending gains admin access

Antti Hukkanen
20/09/2019 09:44  

The impersonate user session is being used in the towns that we know to provide manual verification at a physical location to a user. A town official will enter the person's details to the impersonation form and then give the computer to the person.

This works fine but one potential security issue it brings up is that when the session is ended from the top bar, the current user will gain back the rights to the impersonator's user account. This would be a problem if the impersonator is not closely following what the user is doing on the computer. Many times they are closely following or even assisting the user because these types of users generally have some issues working with the digital systems.

I would suggest that after the impersonation session is ended, the user would be asked to enter their password again. This would make it impossible for the impersonation user to gain access to or see something they should not have access to.

I wasn't sure if this is on purpose working as it works now, so I decided to post this as a feature proposal. However, this could potentially lead to some problems when there is a higher number of people.

Category: Registration and verification
Number of endorsements: 0
Comments: 0

Reference: MDC-PROP-2019-09-14797
Version 1 (of 1)
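
The change suggested in the proposal above, sketched as an added example that is not part of the original post and is not Decidim's code. It models the session as a small state machine in which ending impersonation either restores the admin (the behaviour the post describes) or locks the session until the admin password is entered again. All class, method and parameter names are hypothetical, and `verify_password` stands in for the application's real credential check.

```ruby
# Added sketch, not Decidim code: every class and method name is hypothetical.
class ImpersonationSession
  class ReauthRequired < StandardError; end

  attr_reader :state

  # verify_password: callable(admin, password) -> true/false, standing in
  # for the application's real credential check.
  def initialize(admin, verify_password, reauth_on_end: true)
    @admin = admin
    @verify_password = verify_password
    @reauth_on_end = reauth_on_end
    @state = :admin
    @managed_user = nil
  end

  def start_impersonation(user)
    raise ReauthRequired, "admin login required" unless @state == :admin
    @managed_user = user
    @state = :impersonating
  end

  # "End session" in the top bar. The managed user may be the one at the
  # keyboard, so the hardened path locks instead of restoring the admin.
  def end_impersonation
    return @state unless @state == :impersonating
    @managed_user = nil
    @state = @reauth_on_end ? :locked : :admin
  end

  # Only a correct admin password moves a locked session back to :admin.
  def reauthenticate(password)
    return false unless @state == :locked
    return false unless @verify_password.call(@admin, password)
    @state = :admin
    true
  end

  # Identity whose permissions apply to the next request (nil when locked).
  def effective_identity
    { admin: @admin, impersonating: @managed_user }[@state]
  end
end

if __FILE__ == $PROGRAM_NAME
  check = ->(_admin, pw) { pw == "constructed-password" } # constructed check
  s = ImpersonationSession.new("official", check)
  s.start_impersonation("resident")
  s.end_impersonation
  puts "after end: #{s.state}, identity: #{s.effective_identity.inspect}"
end
```

With `reauth_on_end: false` the same sequence leaves `effective_identity` at the official's account, which is the situation the proposal wants to avoid.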
Fingerprint

The following text is an abbreviated, hashed representation of this content. It is useful for ensuring that the content has not been altered, since a single modification would result in a totally different value.

Value: b7070041d0e71dd9b53c75654e005cf5fa577d8d5a6118a5f51fe1876b174d38

Source: {"body":{"en":"The impersonate user session is being used in the towns that we know to provide manual verification at a physical location to a user. A town official will enter the person's details to the impersonation form and then give the computer to the person.\r\n\r\nThis works fine but one potential security issue it brings up is that when the session is ended from the top bar, the current user will gain back the rights to the impersonator's user account. This would be a problem if the impersonator is not closely following what the user is doing on the computer. Many times they are closely following or even assisting the user because this types of users generally have some issues working with the digital systems.\r\n\r\nI would suggest that after the impersonation session is ended, the user would be asked to enter their password again. This would make it impossible for the impersonation user to gain access to or see something they should not have access to.\r\n\r\nI wasn't sure if this is on purpose working as it works now, so I decided to post this as a feature proposal. However, this could potentially lead to some problems when there is a higher number of people."},"title":{"en":"Impersonate user session ending gains admin access"}}

This fingerprint is calculated using a SHA256 hashing algorithm. To reproduce it yourself, you can use an online MD5 calculator and copy the source data into it.
