
Privacy & Terms inspectors for Redmine

This page lists only the settings and findings that might be a problem for data security. Whether a finding matters always depends on your own use case, so always check for yourself whether the recommended setting makes sense in your situation.

Authentication

Authentication must be activated (login required). Otherwise guest users (users who are not logged in) are also able to view content.

Protocol

Use HTTPS instead of HTTP to make sure all content is transferred encrypted. This is also a very important aspect of intranet installations.

Administrator amount

Limit the number of user accounts with administration rights. Ideally there should be only one.

Password length

Make sure your minimum password length is 8 or higher. Each additional character increases password security.

User role visibility all

Roles with user visibility set to ALL. You should check, according to your use case, whether this setting is really necessary.

Example for user visibility

There is project A with:

  • User A
  • User B

There is project B with:

  • User B
  • User C

This is what user A sees with user visibility ALL:

  • User A
  • User B
  • User C

If you change the user visibility of User A to "Members of visible projects", this user will only see:

  • User A
  • User B

The user no longer sees members of other projects, which makes more sense.
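The example above as runnable code: an added plain-Ruby model of the two user-visibility settings, not code from the plugin or from Redmine itself. The project data is constructed to match the example, and the model assumes that a viewer "sees" every public project plus every project they are a member of, so it also shows what happens when Project B is made public.

```ruby
# Added example, not part of the plugin or of Redmine: a plain-Ruby model of
# the two user-visibility settings from the example above.

# Constructed projects (assumed shape): name => { members: [...], public: true/false }.
# Both projects are private, as in the example.
PROJECTS = {
  'Project A' => { members: ['User A', 'User B'], public: false },
  'Project B' => { members: ['User B', 'User C'], public: false }
}.freeze

# Every registered user, including ones that belong to no project.
ALL_USERS = ['User A', 'User B', 'User C'].freeze

# Projects a viewer can see: every public project plus every project the
# viewer is a member of (the assumption this model makes about Redmine).
def visible_projects(viewer, projects)
  projects.select { |_name, p| p[:public] || p[:members].include?(viewer) }
end

# Users the viewer is allowed to see, depending on the viewer's own
# user-visibility setting.
def visible_users(viewer, visibility, projects: PROJECTS, all_users: ALL_USERS)
  case visibility
  when :all
    # "ALL": every user in the system, regardless of project membership.
    all_users.sort
  when :members_of_visible_projects
    # "Members of visible projects": only people sharing a visible project.
    visible_projects(viewer, projects).values.flat_map { |p| p[:members] }.uniq.sort
  else
    raise ArgumentError, "unknown visibility setting: #{visibility.inspect}"
  end
end

# What the ALL setting exposes beyond the restrictive setting: these are the
# accounts a reviewer should ask about.
def extra_exposure(viewer, projects: PROJECTS, all_users: ALL_USERS)
  visible_users(viewer, :all, projects: projects, all_users: all_users) -
    visible_users(viewer, :members_of_visible_projects, projects: projects, all_users: all_users)
end

if __FILE__ == $PROGRAM_NAME
  puts "User A with ALL:     #{visible_users('User A', :all).join(', ')}"
  puts "User A with members: #{visible_users('User A', :members_of_visible_projects).join(', ')}"
  puts "Extra exposure:      #{extra_exposure('User A').join(', ')}"
end
```

Note that the restrictive setting only helps for private projects: if Project B were public, User A could see it and therefore User C as well, which is why the "Public projects" check further down belongs to the same review.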

Inactive users

Registered users who have not been active in the system for more than 1 year. Please check those accounts in case they are no longer part of your team. Consider deactivating them.

Terms of use not accepted

(will only be displayed if the terms of use policy is activated)

Displays the number of users who have not accepted the terms of use.

Users with administration rights are not counted. Those users do not need to accept the terms of use.

Never logged in users

Registered users who have not logged in yet. Please check those accounts in case they are no longer part of your team. Consider deleting them.

Public projects

All public projects in your system. If users need to log in, all logged-in users have access to them. If users don't need to log in on your system, everyone can view their content.
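The checks described on this page, from the authentication and protocol settings down to inactive users, never-logged-in users, terms acceptance and public projects, as one added stand-alone example. This is not the plugin's own code: it runs over constructed user, project and settings records, the record fields and status values are assumed for the example, and only the setting names (login_required, protocol, password_min_length) follow Redmine's own settings.

```ruby
# Added example, not the plugin's own code: a stand-alone re-implementation of
# the inspector checks described on this page, run over constructed records.
require 'date'

User    = Struct.new(:login, :admin, :status, :last_login_on, :terms_accepted, keyword_init: true)
Project = Struct.new(:name, :is_public, keyword_init: true)

INACTIVITY_LIMIT_DAYS = 365   # "more than 1 year" without a login
MIN_PASSWORD_LENGTH   = 8

# Constructed sample accounts and projects (not real data).
SAMPLE_USERS = [
  User.new(login: 'alice', admin: true,  status: :active, last_login_on: Date.new(2024, 5, 1),  terms_accepted: false),
  User.new(login: 'bob',   admin: true,  status: :active, last_login_on: Date.new(2024, 4, 30), terms_accepted: true),
  User.new(login: 'carol', admin: false, status: :active, last_login_on: Date.new(2023, 1, 10), terms_accepted: true),
  User.new(login: 'dave',  admin: false, status: :active, last_login_on: nil,                   terms_accepted: false),
  User.new(login: 'erin',  admin: false, status: :locked, last_login_on: Date.new(2022, 1, 1),  terms_accepted: false)
].freeze

SAMPLE_PROJECTS = [
  Project.new(name: 'Project A',   is_public: false),
  Project.new(name: 'Public wiki', is_public: true)
].freeze

# Setting values are strings, as Redmine stores them.
WEAK_SETTINGS     = { 'login_required' => '0', 'protocol' => 'http',  'password_min_length' => '6' }.freeze
HARDENED_SETTINGS = { 'login_required' => '1', 'protocol' => 'https', 'password_min_length' => '12' }.freeze

def active_users(users)
  users.select { |u| u.status == :active }
end

# Administrator amount: every active account with the admin flag.
def administrators(users)
  active_users(users).select(&:admin).map(&:login)
end

# Inactive users: logged in at some point, but not within the last year.
def inactive_users(users, today:)
  active_users(users)
    .select { |u| u.last_login_on && (today - u.last_login_on).to_i > INACTIVITY_LIMIT_DAYS }
    .map(&:login)
end

# Never logged in users: registered accounts without any login so far.
def never_logged_in(users)
  active_users(users).select { |u| u.last_login_on.nil? }.map(&:login)
end

# Terms of use not accepted: administrators are not counted.
def terms_not_accepted(users)
  active_users(users).reject(&:admin).reject(&:terms_accepted).map(&:login)
end

# Global settings and project visibility that weaken data security.
def setting_findings(settings, projects, admins)
  findings = []
  findings << 'authentication not required: guest users can view content' if settings['login_required'] != '1'
  findings << 'protocol is not https: content is transferred unencrypted' if settings['protocol'] != 'https'
  length = settings['password_min_length'].to_i
  findings << "minimum password length #{length} is below #{MIN_PASSWORD_LENGTH}" if length < MIN_PASSWORD_LENGTH
  findings << "more than one administrator (#{admins.size})" if admins.size > 1
  public_names = projects.select(&:is_public).map(&:name)
  if public_names.any? && settings['login_required'] != '1'
    findings << "public projects readable without login: #{public_names.join(', ')}"
  end
  findings
end

def run_inspection(users, projects, settings, today: Date.today)
  admins = administrators(users)
  {
    administrators:     admins,
    inactive_users:     inactive_users(users, today: today),
    never_logged_in:    never_logged_in(users),
    terms_not_accepted: terms_not_accepted(users),
    setting_findings:   setting_findings(settings, projects, admins)
  }
end

if __FILE__ == $PROGRAM_NAME
  run_inspection(SAMPLE_USERS, SAMPLE_PROJECTS, WEAK_SETTINGS, today: Date.new(2024, 6, 1)).each do |check, result|
    puts "#{check}: #{result.inspect}"
  end
end
```

Locked accounts are skipped by every user check so that an account you already deactivated is not reported again, and the public-project finding is only raised when login is not required, because that is the combination in which everyone can read the content.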
