IP Groups: Continue to support IP Groups for v4.0 and add better support for specifying ranges such as subnets. #700
Comments
|
Original Redmine Comment
Other partners subsequently weighed in on the importance of this feature: https://groups.google.com/d/msg/dataverse-community/hQO1UDMa-yY/GlhMVIbYR_8J |
scolapasta
modified the milestones:
Beta 8 - Dataverse 4.0,
Beta 7 (Permissions & Auth Branch) - Dataverse 4.0
|
Moving to Beta 9, with the rest of the groups. |
|
Role assignment via API now supported. Permissions granted to IP groups are given to the user as requested. Now struggling with the UI crashing in the roles page. |
…e role assignee lists in the UI
|
Ready for QA.
|
|
Encountered a foreign key constraint but realized I had not run the db updates. Works now. However, there is no key required for adding an ip group. Shouldn't there be? |
@michbarsinai this is just for testing, right? You'll be taking this out? Is there a ticket for this? Being able to spoof an IP address so easily is alarming. |
|
All of the create, list, delete functions work with basic test data. Having trouble assigning a role, have asked Michael for advice. |
|
@pdurbin indeed. But this is how apache tells Glassfish who sent the request originally. We can do a test, but I assume apache would overwrite the header if someone was spoofing it. |
Please keep in mind that we are not 100% sure that we will be fronting Glassfish with Apache we have only ever seen the session bug in #647 when Glassfish is fronted with Apache. @michbarsinai I'm asking you to think about the scenario where Glassfish is not fronted with Apache and the security implications of letting users specify the "X-Forwarded-For" header. |
|
very good point. also easy to solve. I'll open an issue.
|
|
Created #1368 |
|
Basic functionality in place, opened tickets for completing integration with rest of app. Closing |
Author Name: Kevin Condon (@kcondon)
Original Redmine Issue: 4156, https://redmine.hmdc.harvard.edu/issues/4156
Original Date: 2014-06-25
Original Assignee: Gustavo Durand
Retaining IP Group authentication was mentioned as being a requirement by a current partner.
Note: there are two types of notation we might consider supporting: subnetwork notation and CIDR notation.
This was originally requested here:
#60969: v2.0 - IP Groups: Need to support adding ip addresses by ranges that don't span entire octet.
https://help.hmdc.harvard.edu/Ticket/Display.html?id=60969
I recently needed to add some large ip address ranges that did not
cover the entire octet (number between the decimals).
For example: 199.94.0.-199.94.47. required me to enter 48 individual
addresses.
Then recently here:
#180843: Feature request: support for subnet notation when defining IP groups
https://help.hmdc.harvard.edu/Ticket/Display.html?id=180843
Not sure if this is on the agenda at all, and it's a minor point, but it
would be really useful to be able to define IP groups using subnet
notation rather than just * as a wildcard.
Our use case is, we have some universities with multiple class C
networks in the middle of a range. (e.g. 134.117.10-135). No easy way to
input this at present.
The text was updated successfully, but these errors were encountered: