Authorization in admin ui #129
Comments
Hi there @MuratovAS 👋🏼 Thanks a lot for your comprehensive issue
Hi there
Hope this helps
Wow. Thank you. A few thoughts.
Agreed, it's expected yes
Yes, but the login/password mechanism here is 1. not that bad, 2. relies on standards and on the Symfony stack which is ok and 3. a good option for 90% of users, so all in all I'm fine with leaving it + offering the option of strengthening the protection with each user's own choice by bypassing it (your suggestion that I added)
I'm closing this for now since 4.4.1 was just released :)
I studied the project a little.
I really like your application. Thank you.
I would like to point out some shortcomings.
I haven't found an easy way to disable admin authorization. I need to do this because I use the external authorization system authelia. I'm currently logging in twice. It would be cool to skip authorization if ADMIN_PASSWORD is empty.
The system allows you to brute-force determine the administrator's login, because the error indicates what exactly was entered incorrectly. On modern systems they usually write “login or password is incorrect”.
Due to the extensive links in the admin menu, the proxy config is difficult to read. Also, before each update, I will have to check if anything new has been added.