Make the trivabble site instance private #4
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Allowing (by configuration) to make the site private, so that only registered and authorized users can access the site.
For exemple, in order to secure exchanges on the chat and to protect the server against inappropriate uses.
Would a HTTP basic auth cover your use case? the site administrator can give a password to users and block access to people who don't have a password.
Managing registrations from Trivabble itself would add some complexity, but might make it more user-friendly, allowing users to change their passwords. However, open registrations would not prevent abuse. How do you think we should handle this? Invitations (through a link)?
We could avoid handling authentification and implement something like Oauth / Open ID (-Connect)
Would a HTTP basic auth cover your use case? the site administrator can give a password to users and block access to people who don't have a password.
==> Yes, something like that
Maybe by considerating a technical solution like "Basic Login System" or described in this video: https://www.youtube.com/watch?v=-RCnNyD0L-s
All right, so this is best implemented at the reverse-proxy level (Apache / Nginx), because they are both battle-tested.
I'd rather avoid adding a dependency on a DBMS and reimplementing a login system that risks not being very good / safe without a strong reason for it. A login system also has legal implications (GDPR for instance).
Ok with your technical proposition
Issue could be tag as solved