Restrict Web API usage on default credentials #18763

@sledgehammer999 sledgehammer999 commented Mar 25, 2023

This is more of a proof-of-concept. It isn't fully fleshed out.
I want to hear input first.
It is an alternative approach to PR #18735.

The HTML part would look like this:
Assume a new API endpoint /api/v2/auth/Level which returns Restricted on default credentials.
private/index.html -> onLoad: check if Restricted. If yes, display a form to change credentials. If no, load the UI.

@sledgehammer999 sledgehammer999 added Security Related to software vulnerability in qbt (don't overuse this) WebUI WebUI-related issues/changes WebAPI WebAPI-related issues/changes labels Mar 25, 2023
@sledgehammer999 sledgehammer999 added this to the 4.5.3 milestone Mar 25, 2023
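
Added example, not part of the pull request or of qBittorrent's code: a sketch of the gate described in the opening comment, with the restriction enforced on the server and the page load only choosing a view. The level names other than Restricted, the allowlist, the plain-text response and all function names are assumptions.

```javascript
// Added sketch, not qBittorrent code. The endpoint /api/v2/auth/Level and the
// value "Restricted" come from the PR description; "Full", "None", the
// allowlist and every function name are assumptions made for this example.
const LEVEL_PATH = "/api/v2/auth/Level";
const SET_PREFS_PATH = "/api/v2/app/setPreferences";
// What a Restricted session may still call: read its level, change the
// credentials, log out.
const RESTRICTED_ALLOWLIST = new Set([LEVEL_PATH, SET_PREFS_PATH, "/api/v2/auth/logout"]);
const CREDENTIAL_KEYS = new Set(["web_ui_username", "web_ui_password"]);

// Server side: the level is derived from server state, never from the request.
function authLevel(session) {
  if (!session || !session.authenticated) return "None";
  return session.usingDefaultCredentials ? "Restricted" : "Full";
}

// Server side: the enforcement point, evaluated for every API request.
function authorize(session, path, prefs = {}) {
  const level = authLevel(session);
  if (level === "None") return 403;
  if (level === "Full") return 200;
  if (!RESTRICTED_ALLOWLIST.has(path)) return 403;
  // While restricted, setPreferences may only touch the credentials.
  if (path === SET_PREFS_PATH &&
      !Object.keys(prefs).every((key) => CREDENTIAL_KEYS.has(key))) return 403;
  return 200;
}

// Client side: pick the view from the reported level. Anything other than an
// explicit "Full" shows the credential form (fail closed).
function viewForLevel(levelText) {
  return String(levelText).trim() === "Full" ? "main-ui" : "change-credentials-form";
}

// What index.html would run on load; fetchImpl is injectable for offline use.
async function onLoad(fetchImpl = fetch) {
  try {
    const res = await fetchImpl(LEVEL_PATH);
    return res.ok ? viewForLevel(await res.text()) : "change-credentials-form";
  } catch {
    return "change-credentials-form";
  }
}
```

The client-side check is only a convenience for the user: a script that skips index.html and calls the API directly is still stopped by `authorize`.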
glassez commented Mar 25, 2023

> This is more of a proof-of-concept. It isn't fully fleshed out.
> I want to hear input first.
> It is an alternative approach to PR #18735.

This concept looks too cumbersome for me. I would still continue development based on #18735.

@sledgehammer999 sledgehammer999 modified the milestones: 4.5.3, 4.5.4 May 29, 2023
@sledgehammer999 sledgehammer999 modified the milestones: 4.5.4, 4.5.5 Jun 18, 2023
@glassez glassez removed this from the 4.5.5 milestone Jul 26, 2023
@github-actions

This PR is stale because it has been 60 days with no activity. This PR will be automatically closed within 7 days if there is no further activity.

@github-actions github-actions bot added the Stale label Sep 25, 2023
github-actions bot commented Oct 2, 2023

This PR was closed because it has been stalled for some time with no activity.

@github-actions github-actions bot closed this Oct 2, 2023