-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Read only public interface #74
Comments
Hi @nijel, do we still want users to first 'Login with Github' and then we decide which interface (read-only or current) to show based on whether the user has commit access to OR let the tool's read-only interface be accessible to everyone without logging in and for editing/updating the reports, the user has to login? |
Just my two cents, but I'd be a little nervous about providing an anonymous interface that would risk leaking IP addresses, URLs, or user email addresses. Of course, since I'm part of the project team, I can't see what that interface looks like right now, so it might be fine; I'd just be cautious.
|
The problem I see right now is that we link error reports from GitHub and it's not really possible for non team member to figure out details. That's why I was proposing this. Having this behind GitHub authentication would block it from being indexed by bots, what is probably desirable. Alternative approach might be to include more information in the GitHub comments, so that going into the report is not necessary, but I'm not sure this is good approach either. We don't store any IP address or private URLs, unless user enters this into the error message, so there really should not be anything to leak (that was one of intentions when creating error reports, to not store any sensitive data there). PS: Anyway we should not collect anything what can be considered personal data, otherwise we would be hit by GDPR. |
Okay, that sounds good to me. Obviously, I couldn't remember what exactly
was stored directly, so I probably should have looked before commenting.
|
Fix phpmyadmin#74 * Allow read-only access to reports and incidents views for non-team developers Signed-off-by: Deven Bansod <devenbansod.bits@gmail.com>
Fix phpmyadmin#74 * Allow read-only access to reports and incidents views for non-team developers Signed-off-by: Deven Bansod <devenbansod.bits@gmail.com>
Fix phpmyadmin#74 * Allow read-only access to reports and incidents views for non-team developers Signed-off-by: Deven Bansod <devenbansod.bits@gmail.com>
Once we sort out performance issues, the tool should provide public read only interface.
The text was updated successfully, but these errors were encountered: