I'm new to Dashy, and I love it. I'm testing the authentification system and something is annoying me.
I particularly like the authentication system and the ability to show or hide certain elements to guests or authenticated users.
For example, I can include a section with bookmarks to local IPs that I don't want displayed to just anyone, that's great.
But one detail bothers me: even if I decide to hide these sections, their content can still be easily consulted by a guest. Either from the main menu, by clicking on the name of the configuration file at the bottom of the popup, or by directly opening the address my.dashboard.com/config.yml.
Hiding or not hiding these elements is only aesthetic and does not protect them.
I've already added a bit of CSS to hide the link in the menu, but that doesn't solve everything.
I feel like I'm missing something: is there a way to make the contents of this file inaccessible to non-admin users and guests? Without cutting off the possibility of consulting/editing the configuration from the UI for an administrator.
Have a nice day !
Category
Authentication
Please tick the boxes
[X] You are using a supported version of Dashy (check the first two digits of the version number)
Question
Hello there !
I'm new to Dashy, and I love it. I'm testing the authentification system and something is annoying me.
I particularly like the authentication system and the ability to show or hide certain elements to guests or authenticated users. For example, I can include a section with bookmarks to local IPs that I don't want displayed to just anyone, that's great.
But one detail bothers me: even if I decide to hide these sections, their content can still be easily consulted by a guest. Either from the main menu, by clicking on the name of the configuration file at the bottom of the popup, or by directly opening the address
my.dashboard.com/config.yml.Hiding or not hiding these elements is only aesthetic and does not protect them.
I've already added a bit of CSS to hide the link in the menu, but that doesn't solve everything.
I feel like I'm missing something: is there a way to make the contents of this file inaccessible to non-admin users and guests? Without cutting off the possibility of consulting/editing the configuration from the UI for an administrator.
Have a nice day !
Category
Authentication
Please tick the boxes