joyvuu-dave / comeals-rails

DEPRECATED Comeals allows cohousing communities to reconcile the cost of common meals.
1 stars 0 forks source link

As an administrator, I would like to restrict access to the Common User to a holder of a uniquely identifying feature. #16

Open crw opened 8 years ago

crw commented 8 years ago

Had trouble wording this. What I mean is this:

You should not be able to log in to the the Common User (CU) from the internet-at-large. You should only be able to log in to the CU from a restricted set of hosts.

My security speak is probably off here, but "Uniquely Identifying Feature" could be an X.509 certificate, a USB key with a secret on it, something that only one computer could have. Even better would be to have that further restricted by IP, MAC address, or something similar.

Even better would be if an administrator could set that up once, and then the machine in question would never need a password entered again. This would help if the admin is on vacation and the machine needs to be rebooted, it could reboot back into a usable state without needing to enter passwords.

The purpose of further locking down by IP would be if the device were physically stolen and moved off-premises, the thief could not use that cert to log in to CU and cause havoc.

Overkill you say? Madness, you say? Perhaps, sir, perhaps. Or perhaps... genius!