Feature #40914: mgr/dashboard: REST API: security - Dashboard - Ceph

Custom queries

Backports
Backports: nautilus
Bug queue
Bug queue (last 30 days)
Bug triage
Categorized under Usability + UX
Clean-ups
Crash queue
Crash triage
Dashboard bugs (last 180 days)
Dashboard Bugs (NEW) in the last 30 days (except accessibility)
Dashboard CDS
Dashboard Sprint 23
Feedback
Low Hanging Fruit
Monitoring
My issues
Need Review
Pending backports
Product Backlog Scrub
Quincy: backlog
Rook - Dashboard Integration bugs
Telemetry
Test Failures

Actions

Copy link

Feature #40914

closed

Feature #40907: mgr/dashboard: REST API improvements

mgr/dashboard: REST API: security

Added by Ernesto Puerta almost 5 years ago. Updated about 3 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Nizamudeen A

Category:

General - Back-end

Target version:

% Done:

Source:

Tags:

security

Backport:

nautilus, octopus

Reviewed:

Affected Versions:

Pull request ID:

38316

Description

The following measures should be implemented:
- Failed login limit (after that, the user will be disabled).
- Rate limiting: per-user/token.
- Cache-control private for every response containing personal sensitive information.

Related issues 4 (1 open — 3 closed)

Related to Dashboard - Feature #39999: mgr/dashboard: Prevent brute-force/dictionary attacks against existing local user accounts

Resolved

Nizamudeen A

Actions

Blocks Dashboard - Feature #47765: mgr/dashboard: security improvements

New

Actions

Copied to Dashboard - Backport #48794: octopus: mgr/dashboard: REST API: security

Resolved

Nizamudeen A

Actions

Copied to Dashboard - Backport #48795: nautilus: mgr/dashboard: REST API: security

Rejected

Actions

Issue # Delay: days Cancel

History
Notes
Property changes

Actions

Copy link

Updated by anurag bandhu about 4 years ago

Assignee set to anurag bandhu

Actions

Copy link

Updated by Lenz Grimmer about 4 years ago

Related to Feature #39999: mgr/dashboard: Prevent brute-force/dictionary attacks against existing local user accounts added

Actions

Copy link

Updated by Lenz Grimmer about 4 years ago

Per our conversation during today's standup, let's split this issue up by moving "Rate limiting: per-user/token" and "Cache-control private for every response containing personal sensitive information" into separate issues and keep the focus of this issue on the limiting failed logins. However, I wonder if this isn't captured in #39999 already?

Actions

Copy link

Updated by Ernesto Puerta over 3 years ago

Tags set to security

Actions

Copy link

Updated by Ernesto Puerta over 3 years ago

Blocks Feature #47765: mgr/dashboard: security improvements added

Actions

Copy link

Updated by Aashish Sharma over 3 years ago

Assignee changed from anurag bandhu to Aashish Sharma

Actions

Copy link

Updated by Aashish Sharma over 3 years ago

Pull request ID set to 37912

Actions

Copy link

Updated by Aashish Sharma over 3 years ago

Status changed from New to Fix Under Review

Actions

Copy link

Updated by Nizamudeen A over 3 years ago

Assignee changed from Aashish Sharma to Nizamudeen A
Pull request ID changed from 37912 to 38316

Actions

Copy link

#10

Updated by Avan Thakkar over 3 years ago

Status changed from Fix Under Review to Resolved

Actions

Copy link

#11

Updated by Nizamudeen A over 3 years ago

Status changed from Resolved to Pending Backport
Backport set to octopus, nautilus

Actions

Copy link

#12

Updated by Backport Bot over 3 years ago

Copied to Backport #48794: octopus: mgr/dashboard: REST API: security added

Actions

Copy link

#13

Updated by Backport Bot over 3 years ago

Copied to Backport #48795: nautilus: mgr/dashboard: REST API: security added

Actions

Copy link

#15

Updated by Nizamudeen A over 3 years ago

Backport changed from octopus, nautilus to octopus

Actions

Copy link

#16

Updated by Nathan Cutler over 3 years ago

Backport changed from octopus to nautilus, octopus

Re-adding nautilus to backport field because, without it, the presence of the rejected nautilus backport issue causes the "backport-create-issue" script to complain:

ERROR:root:https://tracker.ceph.com/issues/40914 has more backport issues (,nautilus,octopus) than     expected (octopus)

Actions

Copy link

#18

Updated by Nathan Cutler over 3 years ago

Status changed from Pending Backport to Resolved

While running with --resolve-parent, the script "backport-create-issue" noticed that all backports of this issue are in status "Resolved" or "Rejected".

Actions

Copy link

#19

Updated by Ernesto Puerta about 3 years ago

Project changed from mgr to Dashboard
Category changed from 146 to General - Back-end

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph » mgr » Dashboard

Custom queries

Feature #40914

mgr/dashboard: REST API: security

Updated by anurag bandhu about 4 years ago

Updated by Lenz Grimmer about 4 years ago

Updated by Lenz Grimmer about 4 years ago

Updated by Ernesto Puerta over 3 years ago

Updated by Ernesto Puerta over 3 years ago

Updated by Aashish Sharma over 3 years ago

Updated by Aashish Sharma over 3 years ago

Updated by Aashish Sharma over 3 years ago

Updated by Nizamudeen A over 3 years ago

Updated by Avan Thakkar over 3 years ago

Updated by Nizamudeen A over 3 years ago

Updated by Backport Bot over 3 years ago

Updated by Backport Bot over 3 years ago

Updated by Nizamudeen A over 3 years ago

Updated by Nathan Cutler over 3 years ago

Updated by Nathan Cutler over 3 years ago

Updated by Ernesto Puerta about 3 years ago