[Tickets #9466] Re: If ip/browser changes during Horde session its not possible to login again
bugs at horde.org
bugs at horde.org
Thu Dec 23 19:00:47 UTC 2010
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/9466
------------------------------------------------------------------------------
Ticket | 9466
Updated By | goncalo.queiros at portugalmail.net
Summary | If ip/browser changes during Horde session its not
| possible to login again
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Resolved
Priority | 1. Low
Milestone |
Patch |
Owners | Michael Slusarz
------------------------------------------------------------------------------
goncalo.queiros at portugalmail.net (2010-12-23 14:00) wrote:
> Horde is not an intrustion detection system. The session IP is
> meant to provide security (which it does), not a definitive
> determination that you have been compromised.
>
> Regardless, such investigation would almost certainly be performed
> by the admin, not the user.
>
> How would you inform user A in this case? You would have to create
> some sort of independent recording system solely for this feature.
> As mentioned above, this feature wasn't designed to for this - it is
> designed as a simple killswitch in case something fishy might be
> occurring but that's the extent of its usefulness.
Agreed :)
More information about the bugs
mailing list