
Production logstash should be protected by two-factor auth, at the least
Open, Normal, Public

Description

Many events include personally-identifying information such as client IP address, hence access is currently restricted to the NDA group (as I understand it). Login currently requires a username and password, with no second factor. This seems to be inadequate protection for private information.

Acceptance criteria:

  • Users can find the privacy policy and data controls used for logstash. Ideally we can link to existing documents.
  • Two-factor and any other access controls are configured.

Event Timeline

awight created this task. Thu, Nov 7, 11:41 AM
MoritzMuehlenhoff triaged this task as Normal priority. Mon, Nov 11, 8:26 AM

We're in the process of rolling out Apereo CAS (and initial services are getting migrated to it), see https://phabricator.wikimedia.org/T233921 and subtasks.

Indeed, what @MoritzMuehlenhoff said: we'll gain 2FA when CAS gets deployed more widely. Regarding the first point, @awight, where would it make sense to include the links to documentation, in your opinion? Do we have existing examples to get inspiration?