Contributors mailing list archives
Re: Migration auth_admin_passkey to 11.0 and 12.0by
I would propose an OTP like process for the auth_admin_passkey and a change in the login process for the admin. It would be GDPR conform if the user has to generate an OTP first and give that to the admin who wants to access his account. The admin therefore needs his own password + the OTP from the user to login as a different user. The otp can have a lifetime as well.
I can try to migrate the module with the mentioned changes in the next days if there are no further concerns.
Am 17.06.19 um 09:17 schrieb Davide Corio:
Hi,I believe that the module itself is not a risk, using it the wrong way might be.
That module remains really useful during the development phase.
On Fri, Jun 14, 2019 at 3:52 PM Pedro M. Baeza (Tecnativa) <firstname.lastname@example.org> wrote:
Yes, server-auth is the good host. I think nobody has migrated yet because of the risks of vulnerating GDPR.
-- Mit freundlichen Grüßen Florian Kantelberg Softwareentwickler initOS GmbH An der Eisenbahn 1 21224 Rosengarten Tel.: +49 (0) 4105 5615644 Fax: +49 (0) 4105 5615610 Email: email@example.com Internet: http://www.initos.com Geschäftsführung: Dr.-Ing. Frederik Kramer & Dipl.-Ing. (FH) Torsten Francke Sitz der Gesellschaft: Rosengarten – Klecken Amtsgericht: Tostedt, HRB 205226 USt-IdNr: DE 815580155 Steuer-Nr: 15/200/53247