search

globaleaks / whistleblowing-software

GlobaLeaks is free, open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
https://www.globaleaks.org
Other
1.23k stars 269 forks source link

Usability Issue - Accepting acces to the "files section" #3644

Open schris-dk opened 1 year ago

schris-dk commented 1 year ago

What version of GlobaLeaks are you using?

4,13,11

What browser(s) are you seeing the problem on?

All

What operating system(s) are you seeing the problem on?

Windows

Describe the issue

Just a little "irritating missing feature/bug".

When opening the "#Files" section in the management interface, you need to add either multifactor code or PW -to proceed - and you need to click the "enter/submit" button - you cannot just press Enter (the button is not selected automatically as in other pages).

And by the way - would it be possible to add a general setting, where this - in my eyes - not really needed feature can be disabled? (still turned on by default, but being able to disable it by choice)

Proposed solution

No response

evilaliv3 commented 1 year ago

Thank you @schris-dk

Actually this change as been made to break many possible vector attacks:

For this reason thanks to the valuable advice by @gronke from the @radicallyopensecurity team we have secured resources like the one you are talking about with 2FA; we do not consider to change this behavior because enabling administrators to disable the feature would lead to bad practices.

I hope this helps understanding.

schris-dk commented 1 year ago

Thnx for clarifying😊

The missing automatic button selection – is that a part of this feature too? It is just annoying not to be able to click “Enter” but need to use the mouse 😊 (yes I’m lazy 😊)

Med venlig hilsen Søren Christensen Senior Manager Telefon: +4539159901 Mobil: +4530934933 @.**@.>

BDO Statsautoriseret revisionsaktieselskab CVR: 20222670 Havneholmen 29 1561 København V Tlf.: +4539155200 www.bdo.dkhttps://www.bdo.dk/da-dk/bdo-danmark

BDO Statsautoriseret revisionsaktieselskab, danskejet rådgivnings- og revisionsvirksomhed, er medlem af BDO International Limited - et UK-baseret selskab med begrænset hæftelse - og del af det internationale BDO netværk bestående af uafhængige medlemsfirmaer. BDO er varemærke for både BDO netværket og for alle BDO medlemsfirmaerne. BDO i Danmark beskæftiger mere end 1.400 medarbejdere, mens det verdensomspændende BDO netværk har over 111.000 medarbejdere i mere end 164 lande.

Denne e-mail og enhver vedhæftet fil er fortrolig. Hvis du ikke er rette modtager, bedes du venligst omgående underrette os og derefter slette e-mailen og enhver vedhæftet fil uden at beholde kopi og uden at videregive oplysninger om indholdet.

Tænk på miljøet - er det nødvendigt at printe mailen?

Fra: Giovanni Pellerano @.> Sendt: 21. september 2023 13:25 Til: globaleaks/GlobaLeaks @.> Cc: Søren Christensen @.>; Mention @.> Emne: Re: [globaleaks/GlobaLeaks] Minor bug - Accepting acces to the "files section" (Issue #3644)

Ekstern afsender

Thank you @schris-dkhttps://github.com/schris-dk

Actually this change as been made to break many possible vector attacks:

For this reason than to the valuable advice by @gronkehttps://github.com/gronke from the @radicallyopensecurityhttps://github.com/radicallyopensecurity team we have secured resources like the one you are talking about with 2FA.

— Reply to this email directly, view it on GitHubhttps://github.com/globaleaks/GlobaLeaks/issues/3644#issuecomment-1729374801, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AQ5NSMUANUR32ZKOYAUQSILX3QPZLANCNFSM6AAAAAA5BLT4BA. You are receiving this because you were mentioned.Message ID: @.***>

evilaliv3 commented 1 year ago

Maybe that is a bug, will retry to check; thank you