Workspace does not require authentication

[viharm]

I have been a long time user of Codiad and I love it, especially when combined with CodeGit.

However I have stumbled into a potential security issue.

I have setup external LDAP authentication to protect my instance of Codiad. However irrespective of which authentication source is used, it only protects Codiad's files. This authentication mechanism does not protect the project files in the workspaces.

I have tried to access some of my project's PHP scripts in the workspace area BASE_PATH/workspace/myproject/example.php and they work without having to login using Codiad's login page.

Is this by design? Shouldn't the workspaces and projects be secured with Codiad's security/login mechanisms? After all they reside within Codiad. Is there something I'm missing?

[basteyy]

Yep, its by design.