Author: hemanshu_desai
Description:
MediaWiki allows people to login under same username from different computers at
the same time. This means that if I forget to logout from a computer, anyone at
that computer can access Wikipedia and pretend to be me. This is a security hazard.
Version: unspecified
Severity: enhancement
| Title | Reference | Author | Source Branch | Dest Branch | |
|---|---|---|---|---|---|
| docker-hub-mirror: Use chart 1.7.0 | repos/releng/gitlab-cloud-runner!378 | dancy | main-Ic3976a0a0e2478b35f4d2a95901dbadd1de54df3 | main | |
| Chart 1.7.0: Add workaround for https://github.com/distribution/distribution/issues/2367 | repos/releng/docker-hub-mirror!34 | dancy | main-I91e047b8a2f12671b77f6a6138acf15d0f195466 | main | |
| Remove MetricsClient#dispatch() | repos/data-engineering/metrics-platform!31 | phuedx | work/phuedx/T354823 | main | |
| d/changelog: bump to 0.0.13 | repos/cloud/toolforge/builds-cli!56 | raymond-ndibe | bump_version | main | |
| docker-hub-mirror: Use chart 1.6.0 and enable debugging | repos/releng/gitlab-cloud-runner!309 | dancy | main-I523d0628677e6cfd6b4e5090783d0a91053a7c86 | main | |
| Chart 1.6.0: Use registry version 2.8.3 | repos/releng/docker-hub-mirror!33 | dancy | main-If32043bc39e96cbc0a0b7ff3874454381b38d4a1 | main | |
| builds-api: bump to 0.0.122-20240117053308-11168593 | repos/cloud/toolforge/toolforge-deploy!176 | project_1317_bot_df3177307bed93c3f34e421e26c86e38 | bump_builds-api | main | |
| [Java] Update submit methods to require stream name | repos/data-engineering/metrics-platform!22 | cjming | T354819/java-require-stream-name | main | |
| [builds-api] increase build init wait timeout | repos/cloud/toolforge/builds-api!70 | raymond-ndibe | increate_build_init_wait_time | main | |
| builds-builder: bump to 0.0.88-20240111172456-b0def00a | repos/cloud/toolforge/toolforge-deploy!174 | project_1317_bot_df3177307bed93c3f34e421e26c86e38 | bump_builds-builder | main | |
| bump_version/build_deb: use podman binary if podman detected | repos/cloud/toolforge/builds-cli!50 | dcaro | use_podman_binary | main | |
| dotnet: add procfile buildpack | repos/cloud/toolforge/builds-builder!28 | dcaro | add_procfile_to_dotnet | main |
| Unknown Object (Diffusion Commit) |
richholton wrote:
I would be against this kind of feature, unless it was an individual user option.
I setup my laptop to "remember me between sessions". Basically, I never logout.
I would be very disappointed if this would mean I could not use Wikipedia from
another system.
Also, it would really do nothing to help security. If you forget to logout from
computer A, how will preventing you from logging in from computer B help?
Computer A remains open for anyone to use either way.
hemanshu_desai wrote:
(In reply to comment #1)
I would be against this kind of feature, unless it was an individual user option.
Also, it would really do nothing to help security. If you forget to logout from
computer A, how will preventing you from logging in from computer B help?
Computer A remains open for anyone to use either way.
The idea is not to prevent login from computer B but if same login is from
computer B, the user from computer A should be logged off automatically... again
when you login on computer A, the login at computer B should expire so that
noone else can use it.
Hemanshu
richholton wrote:
The idea is not to prevent login from computer B but if same login is from
computer B, the user from computer A should be logged off automatically... again
when you login on computer A, the login at computer B should expire so that
noone else can use it.
Of course. This makes sense. However, if someone has "remember password across
sessions" checked in preferences, then this would not occur. Am I correct?
I am totally against that feature, I use the same account on multiple
computers and browsers at home.
Users should probably remember to logout when they use their account
on another computer.
Changed severity to enhancement and priority to low, given the opposing comments
above.