Page MenuHomePhabricator

Allow a user to prevent logins except from approved IPs
Closed, DeclinedPublic


Author: falkeli

Given the high number of compromised accounts at en.wikipedia, I think that the following is a good partial solution:
On the preferences, allow a user to have the account locked to all IPs but the ones on a list which the user can edit. Automatically have any recent IPs used by the user be on the list, to make it easier for a user who doesn't know all of his/her IPs. Allow the use of ranges.

Version: unspecified
Severity: enhancement



Event Timeline

bzimport raised the priority of this task from to Lowest.Nov 21 2014, 9:50 PM
bzimport set Reference to bz10038.
bzimport added a subscriber: Unknown Object (MLST).

ayg wrote:

Seems to be basically the same as bug 9837, except looked at from a different angle (list maintained by user instead of general sysops; whitelist instead of blacklist). This way is probably not as good an idea, given that people might lose control of their IP addresses and be unable to log in again without sysadmin intervention.

Marking WONTFIX per bug 9837 and especially per comment #1.