Allow host deletion without login prompt


  • Testers

    I believe this is a feature request and not a bug report - on the recent builds, you are required to authenticate when deleting a host through the web UI. I’d prefer this be an option so that I can disable the requirement and return to the old style where no actions in the UI required re-auth.


  • Testers

    @Tom-Elliott Okay, that makes sense then. I’d be in favor of removing it, but I’m also in favor or reducing complexity if it helps troubleshooting and your sanity for working on the code.


  • Senior Developer

    @Wayne-Workman This isn’t to make a person’s like harder or easier. It’s because commonalities between pages make things simpler to code for the future.

    Make exceptions is not overly difficult but starts to make code obfuscated and more difficult to track errors. You’ll notice ALL pages require reauth on delete (Images, Snapins, Hosts, Printers, Locations, etc…) This is because there’s a common controller for all of them.



  • Adding on this - there is no prompt for creating or deploying a snapin - there should be if the goal is security. But for deleting a host - I feel that unnecessary.


  • Senior Developer

    @MRCUR said in Allow host deletion without login prompt:

    return to the old style where no actions in the UI required re-auth.

    While it would be possible to remove some of the login prompts (whether or not we decide to do so is another matter), certain things will still have them no matter what. One such thing is the database export, that must, and will, require re-authentication to do so. Too much sensitive information is stored in your database to not re-prompt for export.



  • I second this. Deleting a single host IMO is trivial. There is no real security threat if someone hijacks my session and starts deleting hosts one at a time. They will just report back in via fog client as pending.


 

347
Online

41.4k
Users

11.8k
Topics

112.2k
Posts