search

SouthGreenPlatform / Gigwa2

GNU Affero General Public License v3.0
9 stars 8 forks source link

Option to disable login #37

Open nathanweeks opened 2 years ago

nathanweeks commented 2 years ago

It would be helpful to have a configuration option to disable logins (e.g., to meet site security requirements).

GuilhemSempere commented 2 years ago

Could you explain a bit more your idea?

nathanweeks commented 2 years ago

Perhaps an environment variable (e.g., GIGWA_DISABLE_LOGIN) that when set (e.g., for the tomcat service defined in the docker-compose.yml file), removes the ability to login? A public-facing Gigwa instance that is behind a reverse proxy (probably the typical setup) could be taken "offline" for database updates by, e.g.,:

  1. Disable reverse proxying to Gigwa
  2. Restart the tomcat service without the GIGWA_DISABLE_LOGIN environment variable
  3. Make the updates
  4. Restart the tomcat service with GIGWA_DISABLE_LOGIN=1
  5. Re-enable the reverse proxy

This would allow a public-facing Gigwa instance to be less vulnerable to hacking attempts, meet organization security policy requirements, etc.

GuilhemSempere commented 2 years ago

My understanding is that you're talking about cases where all DBs would be public and no-one except the administrator would need to log into the system, correct? If you're referring to adding an Apache layer on top of Tomcat, I would rather avoid adding weight and complexity to the Docker image. I'm sure disabling the authentication system could be achieved by commenting out or amending a couple of lines in applicationContext-security.xml

nathanweeks commented 2 years ago

Thanks! I'm referring to the scenario where the tomcat container is behind an existing external reverse proxy / load balancer (that also handles TLS termination, etc.) that is not specified in the docker-compose.yml.

If commenting-out lines in applicationContext-security.xml prevented user login, that would be the most-important first step towards a workable solution. Ultimately, it would be preferable to disable the login page completely (and remove the "Log-in" button from the navbar) to be more convincing for organization security personnel that the site is in compliance with such security policies--- and to avoid attracting hackers to even a non-functional login page.