Ticket #117 (closed enhancement: wontfix)

Opened 10 months ago

Last modified 7 months ago

Add IP based access limitations to /admin

Reported by: h0bbel Owned by:
Priority: minor Milestone:
Component: Plugins Version:
Keywords: Cc:

Description

I suggest adding an admin option to block access to /admin/ based on IP. Some kind of plugin that enables administrators to block admin access, unless the client requesting it is on a IP whitelist.

Change History

Changed 10 months ago by dmondark

What if you went for a trip? or you are at some coffee shop and wanted to login to the back-end to do some admin tasks?

Assuming that the 'real' admin tasks (plugins management, blog options..etc) are not done often, this feature would not be practical to implement unless we have a full security model with privileges other than the admin privilege capable of performing other lower impact administration, mainly moderations.

Your thoughts?

Changed 10 months ago by morydd

  • version SVN deleted
  • component changed from Habari Core Software to Plugins
  • milestone 0.4 deleted

I would say this would definitely fall into the realm of a plugin. It would probably be easier to implement once we have ACL functioning.

Changed 9 months ago by skippy

Why not just use your .htaccess file to restrict access to the admin folder?

Changed 7 months ago by skippy

  • status changed from new to closed
  • resolution set to wontfix

This should be a plugin, for now. We can revisit this again when the ACL system matures, if folks feel it's necessary.

Note: See TracTickets for help on using tickets.