Remove session_key from admin by default #64

Merged
merged 4 commits into from
Jan 4, 2017

Contributor

@naggie naggie commented Jan 4, 2017

Exposing the session key via the admin interface could be considered unnecessary and
just makes it easier to impersonate a user which is, arguably, a
security risk.

The following PR makes this optional. I'd appreciate your opinion.

Thanks!
Callan Bryant

IMO exposing the session key via the admin interface is unnecessary and
just makes it easier to impersonate a user which is, arguably, a
security risk.
@Bouke Bouke self-requested a review January 4, 2017 11:50
Collaborator

@Bouke Bouke left a comment

@naggie thank you. I think it's sufficient to exclude that field by default (non-optional). If one wants the old behaviour back, a custom admin page could be created. Also there's no need to change setup.py; that will be handled as part of the release process. If you can make these changes, I'll merge the PR.

@naggie
Contributor Author

naggie commented Jan 4, 2017

Great -- thanks for responding so fast!

@coveralls

Coverage Status

Coverage increased (+0.03%) to 90.0% when pulling d523e53 on CydarLtd:no_session_key_in_admin into 8b7a336 on Bouke:master.

@Bouke Bouke merged commit 9ea3b01 into jazzband:master Jan 4, 2017