View Issue Details

This bug affects 1 person(s).
 252
IDProjectCategoryView StatusLast Update
14638Feature requestsSecuritypublic2021-03-07 21:26
ReporterDenisChenu Assigned Toc_schmitz  
PrioritynoneSeverityfeature 
Status acknowledgedResolutionopen 
Summary14638: One time password : add "time out"
DescriptionOne time password seems unlimited in time. A one time pasword generate today still valid in 10 years.
(I didn't test a lot one time password …)
I think it's a good idea to have a limited in time one-time password.
Additional Information1. Add a datetime (created ?) column in one time password
2. Add a 'timelimit' one time password in config
3. When an user come with a one time password check if datetime + timelimit is over (or not) and show an error message

After we can start to work on https://bugs.limesurvey.org/view.php?id=14049
Where we replace all password send by a one time password send.
Tagssecurity
Bug heat252

Users monitoring this issue

User List There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2019-03-12 17:45

developer   ~50931

To disable potential incompatibility with previous system using one-time password : set the default to null/0 => mean unlimited.
I dislike to have a bad security by default but if it's different : it broke different usage.

BUT : maybe set it to one hour by default : it's OK because we broke API.

Issue History

Date Modified Username Field Change
2019-03-12 17:43 DenisChenu New Issue
2019-03-12 17:45 DenisChenu Note Added: 50931
2021-03-07 21:08 c_schmitz Tag Attached: security
2021-03-07 21:26 c_schmitz Assigned To => c_schmitz
2021-03-07 21:26 c_schmitz Status new => acknowledged