AcraServer web UI #16

gene-eu-zz · 2016-12-03T05:04:51Z

This is for the very distant future - a ticket to accumulate all suggestions for Web UI to control AcraServer. Each suggestion will turn into separate issue.

[ ] Enable WebUI via port knocking
[ ] MFA Authenticate WebUI via side channel (OTP delivery integration)

gene-eu-zz · 2017-03-04T08:04:34Z

(recording the conversation)

WebUI is a part of attack surface for crown's jewels, so we need it to be as secure as possible

[ ] Preferably, simple stateless interface
[ ] Typesafe inputs
[ ] OTP
[ ] Run WebUI as a parallel service in parallel user/container: harder to install, at least some compartmentation if attacker does RCE / fallthru
[ ] WebUI <> AcraServer via strong typed API, in a Thrift-like fashion (we will accept your garbage, we just won't process it anywhere).
[ ] IP ACL

vixentael · 2018-03-22T11:44:38Z

Implemented separate service for web UI config page with graceful restart. PRs: #123 #111

Some things like basic auth are moved into internal task tracker. Other suggestions are prioritized and put into backlog.

Will close this issue during release preparations

vixentael · 2018-04-13T16:11:38Z

docs -->
https://github.com/cossacklabs/acra/wiki/AcraConfigUI

gene-eu-zz added this to the 0.9 milestone Jan 27, 2017

vixentael assigned mozhmike Feb 23, 2018

vixentael added the acra-webconfig label Mar 30, 2018

vixentael closed this as completed Mar 30, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

AcraServer web UI #16

AcraServer web UI #16

gene-eu-zz commented Dec 3, 2016

gene-eu-zz commented Mar 4, 2017

vixentael commented Mar 22, 2018 •

edited

Loading

vixentael commented Apr 13, 2018

AcraServer web UI #16

AcraServer web UI #16

Comments

gene-eu-zz commented Dec 3, 2016

gene-eu-zz commented Mar 4, 2017

vixentael commented Mar 22, 2018 • edited Loading

vixentael commented Apr 13, 2018

vixentael commented Mar 22, 2018 •

edited

Loading