Apache Allura™

Forge software for hosting software projects

Brought to you by: alexluberg, brondsem, deshani, dill0wn, and 10 others

Git Merge Request #168: Adds multifactor status warnings on User Permissions page (open)

Merging...

Merged

Something went wrong. Please, merge manually

Checking if merge is possible...

Something went wrong. Please, merge manually

Kenton Taylor wants to merge 1 commit from /u/kentontaylor/allura/ to master, 2016-11-11

Commit	Date
[8cdfde] (kt/2fa_status) by Kenton Taylor Adds 2FA status warning on user permissions page	2016-11-10 15:14:39	Tree

Discussion

Dave Brondsema - 2016-11-11

I think this is a nice improvement. We might need to make the text a bit more subtle, for projects that have many members without multifactor enabled.

A security concern, though, is that anyone can add anyone else to their project. And then they'd be able to see if the other person has multifactor authe enabled. I don't think we want people to do that. A good solution (although not easy) would be to create an invitation system so that people must accept joining a project. That would be a nice improvement anyway.

So I think we should hold this merge request until we have that done.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.