Defect #32193
open
Add turn on/off button to control sending security notifications
Added by Hinako Tajima about 5 years ago.
Updated about 5 years ago.
Description
For sending security notifications, I wish to add the function that to make possible with controlling turn on/off by configuration or management console.
セキュリティ通知メールの送信を設定でON/OFFできるようにしてほしい。
- Related to Feature #21421: Security Notifications when security related things are changed added
I think the "Administration" page must not have such a setting. It can be abused by a malicious admin.
But I think adding a setting to turn off security notifications in config/configuration.yml is OK because only a few people can touch the file and those who can update the file and restart Redmine have many other ways to disable security notifications such as changing SMTP settings and modifying the source code of Redmine.
My idea of the configuration to control security notification is like this:
diff --git a/config/configuration.yml.example b/config/configuration.yml.example
index a8b6be83c..563b68f9f 100644
--- a/config/configuration.yml.example
+++ b/config/configuration.yml.example
@@ -175,6 +175,15 @@ default:
#sudo_mode: true
#sudo_mode_timeout: 15
+ # Sends a security notification when security-related things are changed.
+ # A user receives notifications when security-related changes are made to
+ # their account (e.g. password or email address).
+ # Admins receives notifications about security-related global settings or
+ # addition/removal of other admins.
+ # Enabled by default.
+ #
+ #security_notification: true
+
# Absolute path (e.g. /usr/bin/convert, c:/im/convert.exe) to
# the ImageMagick's `convert` binary. Used to generate attachment thumbnails.
#imagemagick_convert_command:
Go MAEDA wrote:
I think the "Administration" page must not have such a setting. [...]
I agree. If this is really something that we want to make configurable, which I would not prefer, the best place to do that is via the configuration.yml file.
@Hinako Tajima: could you please elaborate some more on the reasons why you want to have this configurable? What's the use case?
Go MAEDA wrote:
My idea of the configuration to control security notification is like this:
[...]
Thank you for your comment and your contribution to the configuration.
Mischa The Evil wrote:
@Hinako Tajima: could you please elaborate some more on the reasons why you want to have this configurable? What's the use case?
The user whose mail setting is "not send" as a default setting, but he/she can't control the setting for security notification. This is the reason why I required to add this function.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by