Make the trivabble site instance private #4

Closed
opened 2022-10-11 20:31:24 +02:00 by viba1 · 4 comments

Allowing (by configuration) to make the site private, so that only registered and authorized users can access the site.
For example, in order to secure exchanges on the chat and to protect the server against inappropriate uses.

Owner

Would an HTTP basic auth cover your use case? The site administrator can give a password to users and block access to people who don't have a password.

Managing registrations from Trivabble itself would add some complexity, but might make it more user-friendly, allowing users to change their passwords. However, open registrations would not prevent abuse. How do you think we should handle this? Invitations (through a link)?

We could avoid handling authentication and implement something like OAuth / OpenID (Connect).

Author

> Would an HTTP basic auth cover your use case? The site administrator can give a password to users and block access to people who don't have a password.

==> Yes, something like that

Maybe by considering a technical solution like "[Basic Login System](https://codeshack.io/basic-login-system-nodejs-express-mysql/)" or as described in this video: https://www.youtube.com/watch?v=-RCnNyD0L-s
Owner

> > Would an HTTP basic auth cover your use case? The site administrator can give a password to users and block access to people who don't have a password.
>
> Yes, something like that

All right, so this is best implemented at the reverse-proxy level (Apache / Nginx), because they are both battle-tested.

I'd rather avoid adding a dependency on a DBMS and reimplementing a login system that risks not being very good / safe without a strong reason for it. A login system also has legal implications (GDPR for instance).
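
A minimal Nginx setup for the reverse-proxy approach discussed above, as an added example that is not part of the original thread or of the Trivabble project. The hostname, certificate and htpasswd paths, and the backend address `127.0.0.1:3000` are assumptions.

```nginx
# Added example. Hostname, certificate paths, htpasswd path and the backend
# address (127.0.0.1:3000) are assumptions; adjust them to your deployment.

# Goes in the http{} context: per-client-IP request limit, which also slows
# down password guessing because it is applied before the auth check.
limit_req_zone $binary_remote_addr zone=trivabble_auth:10m rate=10r/s;

# Redirect plain HTTP: Basic auth sends the password base64-encoded,
# not encrypted, so it must only ever travel over TLS.
server {
    listen 80;
    server_name trivabble.example.org;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name trivabble.example.org;

    ssl_certificate     /etc/ssl/certs/trivabble.example.org.pem;
    ssl_certificate_key /etc/ssl/private/trivabble.example.org.key;

    # Set at server level so every location inherits the password prompt,
    # static files included.
    auth_basic           "Private Trivabble instance";
    auth_basic_user_file /etc/nginx/trivabble.htpasswd;  # not world-readable

    location / {
        limit_req zone=trivabble_auth burst=40 nodelay;
        limit_req_status 429;

        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        # Do not forward the Basic credentials to the application.
        proxy_set_header Authorization "";
        # Long-lived game connections (assumed): no buffering, generous timeout.
        proxy_buffering off;
        proxy_read_timeout 1h;
    }
}
```

The backend should listen on `127.0.0.1` only; if it is reachable directly, clients can bypass the proxy and with it the password prompt.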

Author

Ok with your technical proposition
Issue could be tagged as solved

raph closed this issue 2023-03-27 12:37:22 +02:00
Reference: trivabble/trivabble#4