View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0017956||phpList 3 application||Interface - Administrator||public||30-11-15 14:32||30-11-15 22:54|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Target Version||next minor|
|Summary||0017956: restrict admin logins to one IP|
|Description||It should be safer to restrict a login to one IP. In general one admin should be on one IP.|
This is different from CHECK_SESSIONIP in that it should check it cross-sessions, which means it needs a DB table to store the data in.
This same table could then be used to avoid multiple admins editing a single campaign and overwriting each others data, similar to how WP does that.
|Tags||No tags attached.|
It's not clear what this might mean.
Do you mean admin "michiel" can login only from a fixed IP address?
Or does it mean that only one admin called "michiel" can be logged-in at one time?
yes, I mean only one admin called "michiel" can be logged-in at a time.
I'm happy to take comments and suggestions. I know loads of people tend to share logins, in which case it may be awkward. I guess for download, I can allow switching it off. For the service, it's better if it can be enforced.