yii2-user icon indicating copy to clipboard operation
yii2-user copied to clipboard

Published 20 hours ago verified publisher icon dektrium

introduce $allowedIpConfiguration

Open thyseus opened this issue 8 years ago • 3 comments

Ip configuration that determines if an administrator can log in. Defaults to null which means that no ip check is being performed.

Q A
Is bugfix? no
New feature? yes
Breaks BC? no

thyseus avatar Mar 30 '17 14:03 thyseus

This would deny admins to login from unknown IPs, but not normal users. Would it not make more sense to just NOT give them admin permissions instead?

SamMousa avatar May 23 '17 10:05 SamMousa

This is an security improvement headed towards administrator users. But you are right, i am thinking about an even more flexible solution: a column allowed_ips in the user table so that users can be restricted to ip range(s) very flexibly. What do you think?

thyseus avatar May 23 '17 11:05 thyseus

We need more opinions about this change.

thiagotalma avatar Dec 27 '17 17:12 thiagotalma