Page MenuHomePhabricator
Create Task
Maniphest T7202

Make sure administrative options have approriate two-factor auth checks
Closed, ResolvedPublic
Actions

Description

We should run through stuff that instance admins can do and make sure we're doing hisec checks.

Revisions and Commits

Restricted Differential RevisionRestricted Diffusion Commit
rP Phabricator
D11803rP7f1914540f99 Phortune - require high security sessions for subscription edits

Event Timeline

epriestley created this task.Feb 7 2015, 12:13 AM
epriestley raised the priority of this task from to Needs Triage.
epriestley updated the task description. (Show Details)
epriestley added projects: Phacility, Security.
epriestley moved this task to v1 Open Beta on the Phacility board.
epriestley added a subscriber: epriestley.
epriestley assigned this task to btrahan.Feb 13 2015, 7:50 PM

For now, I think this is basically just:

  • create an instance;
  • invite members to an instance;
  • edit subscription details in Phortune (particularly, enabling autopay).

We should have a hisec check on those things. We don't need to actually require that users set up two-factor auth.

epriestley added a comment.Feb 13 2015, 7:51 PM

Notably, restarting daemons doesn't need a check, and none of the admin/management options have security implications.

btrahan triaged this task as High priority.Feb 17 2015, 10:51 PM
btrahan added a revision: D11803: Phortune - require high security sessions for subscription edits.Feb 18 2015, 7:35 PM
btrahan added a commit: rP7f1914540f99: Phortune - require high security sessions for subscription edits.Feb 18 2015, 7:37 PM
btrahan added a revision: Restricted Differential Revision.Feb 18 2015, 7:37 PM
btrahan closed this task as Resolved by committing Restricted Diffusion Commit.Feb 18 2015, 7:43 PM
btrahan added a commit: Restricted Diffusion Commit.
Phabricator · Built by Phacility