boris/Ecobuddy
1
0
Fork 0
Code Issues 12 Pull Requests Packages Projects 1 Releases Wiki Activity

Access Level Security Improvement #8

New Issue
Open
opened 2025-02-27 13:24:54 +00:00 by boris · 0 comments
boris commented 2025-02-27 13:24:54 +00:00
Owner
Copy Link

Access Level is currently determined by User.php using SetAccessLevel using session storage. This is insecure and could be modified by the user.
Login information could be solved by using websockets to ensure the logged in user is properly authenticated, rather than purely authorised. Alternatively, simple session tokens using JS could be used to save time.

Access Level is currently determined by User.php using SetAccessLevel using session storage. This is insecure and could be modified by the user. Login information could be solved by using websockets to ensure the logged in user is properly authenticated, rather than purely authorised. Alternatively, simple session tokens using JS could be used to save time.
boris added the
enhancement
 label 2025-02-27 13:24:54 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something is not working
duplicate
This issue or pull request already exists
enhancement
New feature
feature
Feature Request
help wanted
Need some help
invalid
Something is wrong
question
More information is needed
wontfix
This won't be fixed
No Label
enhancement
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
boris
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: boris/Ecobuddy#8
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?