Feature #90778

Integrate sudo mode for user tables

Added by Oliver Hader 7 months ago. Updated 7 months ago.

Status:
Rejected
Priority:
Should have
Assignee:
Category:
Security
Target version:
-
Start date:
2020-03-18
Due date:
% Done:

0%

PHP Version:
7.2
Tags:
Complexity:
Sprint Focus:

Description

Brief description

  • in TYPO3 backend
  • before modifications to user-related records are persisted, the system shall request a password confirmation ("sudo mode")
  • this procedure currently focuses on user-permissions only, but could be extended for data-privacy aspects as well

Components

  • modifications of TYPO3 v10 and v9 in order to support replaying a request based on a server request instruction (see patch)
  • actual implementation as TYPO3 extension at https://github.com/FriendsOfTYPO3/sudo-mode (experimental currently)

References

Screenshots

Backend admin is editing another backend user - before changes are persisted the following password confirmation dialog needs to be completed.

sudo-1.png View (121 KB) Oliver Hader, 2020-03-18 13:46

sudo-2.png View (88.2 KB) Oliver Hader, 2020-03-18 13:46

History

#1 Updated by Oliver Hader 7 months ago

  • Description updated (diff)

#2 Updated by Gerrit Code Review 7 months ago

  • Status changed from New to Under Review

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63763

#3 Updated by Markus Klein 7 months ago

  • Subject changed from Integrate sudo modo for user tables to Integrate sudo mode for user tables

#4 Updated by Gerrit Code Review 7 months ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63763

#5 Updated by Gerrit Code Review 7 months ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63763

#6 Updated by Gerrit Code Review 7 months ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63763

#7 Updated by Gerrit Code Review 7 months ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63763

#8 Updated by Gerrit Code Review 7 months ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63763

#9 Updated by Oliver Hader 7 months ago

  • Description updated (diff)

#10 Updated by Gerrit Code Review 7 months ago

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63763

#11 Updated by Gerrit Code Review 7 months ago

Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63763

#12 Updated by Oliver Hader 7 months ago

  • Status changed from Under Review to Rejected

No core changes required, sudo-mode handling happens in extension https://github.com/FriendsOfTYPO3/sudo-mode

Also available in: Atom PDF