User/group IP access restriction

[Alexander Obuhovich]

I propose to add "IP access" field to both user and group editing screens (user can change it's value on front-end). This will work as follow:

• when user tries to login using IP address that doesn't match provided, then login will fail
• when user/admin will successfully login, but it's IP address doesn't match all/some defined in it's groups, then all will work, like user was never added to that group.

Of course we can enter networks and other stuff, like in DBG_IP setting in debug.php

--
Best Regards,

http://www.in-portal.com
http://www.alex-time.com

[Phil ..:: domicilis.biz ::..]

well, this could strenghten the extranet features of In-Portal, and we should also create new content on in-portal.com to promote these powerfull features: an extranet could also be a private outlet, and both of theses are top trend technologies ;-)

2010/3/6 Alexander Obuhovich <aik....@gmail.com>

[Alexander Obuhovich]

What is extranet?

[Phil ..:: domicilis.biz ::..]

http://bg.wikipedia.org/wiki/%D0%95%D0%BA%D1%81%D1%82%D1%80%D0%B0%D0%BD%D0%B5%D1%82

We don't provide all features of an extranet, but the fact that users with right credentials can access private info, from front of back end, constitue an extranet, do you agree with me?

2010/3/6 Alexander Obuhovich <aik....@gmail.com>

[Alexander Obuhovich]

Website could not be considered as extranet based on your article, since extranet is a private network. We only enhance website framework (In-Portal) to be able to control site access based on IP.

[Phil ..:: domicilis.biz ::..]

Similarly, for smaller, geographically united organizations, "extranet" is a useful term to describe selective access to intranet systems granted to suppliers, customers, or other companies. Such access does not involve tunneling, but rather simply an authentication mechanism to a web server. In this sense, an "extranet" designates the "private part" of a website, where "registered users" can navigate, enabled by authentication mechanisms on a "login page".

http://en.wikipedia.org/wiki/Extranet

I've always told my customer, as example, that they sales rep. can access a special menu, where they can gain access to online catalog with prices, or showing extra informations like qty in stock. For partners and franchisees, they can access informations like grop results, private docs, and so on...

You don't need a VPN to talk about extranet, if information is on a server, and access to this information is restricted to selected users, then this is an extranet :)

2010/3/6 Alexander Obuhovich <aik....@gmail.com>

[Dmitry Andrejev]

Hi Alex,

Yes, this is sounds like a good feature and not too hard to do.

Phil, it's kind of Extranet / Intranet, but not entirely. However you are welcome to advertise and customize so it works as one.

Cheers!

DA.

[Dmitry Andrejev]

Alex, what's you call on this.

Let's add this to the Feature Requests?

DA.

[Phil ..:: domicilis.biz ::..]

I think too it's really good idea.

If IP isn't listed

- deny access
- grant access without belonging to original user's group (does it
means admin user's would be in "read-only"?)

IP can be entered using regular expressions.

Alex, is this your complete idea? sorry I wanted to understand that's
why I reformulate it :$

Phil.

2010/3/25 Dmitry Andrejev <dand...@gmail.com>:

> To unsubscribe from this group, send email to
> in-portal-dev+unsubscribegooglegroups.com or reply to this email with the
> words "REMOVE ME" as the subject.
>

[Alexander Obuhovich]

No IP addresses as regular expressions, since we have subnets for that. Yes, feature request can be added.

[Dmitry Andrejev]

Task has been filed:

645: User / Group Access restriction by IP

http://tracker.in-portal.org/view.php?id=645

DA.