share server: make some content available only to signed in users

sagemathinc / cocalc

CoCalc: Collaborative Calculation in the Cloud

https://CoCalc.com

Other

1.17k stars 216 forks source link

share server: make some content available only to signed in users #4942

Open haraldschilly opened 4 years ago

haraldschilly commented 4 years ago

right now, we don't use any sign in information on the share server. so, this is not possible right now. this enhancement is about creating a method where we check if a user is signed in and only then show the content.

requested by: christian stump

williamstein commented 4 years ago

I think we should consider closing this request, since it opens up the share server to massive potential security issues. Right now by having no sign in info, bad content is less dangerous.

haraldschilly commented 4 years ago

Well, I know, but in Christian's situation – running cocalc on prem – there is only a limited, controlled number of users. So, without arbitrary sign-ups like on cocalc.com, it suddenly makes sense to make some content only available to the group of allowed users.

I'm aware that this is dangerous, I still want to keep it open, because maybe I have an idea. I'm assigning it to myself.

williamstein commented 4 years ago

Oh I see this is for on prem where this makes sense.