Project

General

Profile

Actions

Patch #27009

closed

Clarify consequences of disabling the login_required setting

Added by Holger Just about 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
UI
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

When an administrator disabled the login_required setting and/or sets projects as public, this can have grave consequences for the protection of the data in-house projects. If this is done carelessly, confidential data might be exposed to undesired audiences (e.g. the global unauthenticated internet).

The attached patches try to make the consequences of these settings clearer by making them more prominent and explain their consequences to the user. This helps admins and project managers make the correct decisions.

We use these patches on Planio where all accounts require authentication by default. But even for "older" Redmine installations which might have some internal public projects it might still be surprising that they are suddenly public when not enforcing authentication anymore.


Files


Related issues

Related to Redmine - Feature #35044: Show notice on project's overview page when the project is publicNew

Actions
Actions

Also available in: Atom PDF