Project

General

Profile

Feature #6215

Create consistent UI for admin access security

Added by Michael Newton about 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
-
Start date:
04/20/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default

Description

I have probably filled in this page thousands of times, but every time I have to double check each box to make sure I'm doing it right:

Disable webConfigurator redirect rule: unchecked is insecure
Enable webConfigurator login autocomplete: unchecked is more secure
Disable logging of webConfigurator successful logins: unchecked is secure
Disable webConfigurator anti-lockout rule: unchecked is insecure
Disable DNS Rebinding Checks: unchecked is secure
Disable HTTP_REFERER enforcement check: unchecked is secure

I propose that something being checked should be treated as secure, and that labels and descriptive language should be made consistent to match.

Enable HTTPS-only access
Disable login form autocomplete
Enable logging for admin logins
Enable web configurator limited access
Enable DNS rebinding checks
Enable HTTP_REFERER enforcement

It would be ideal if all labels started with "enable" but not sure how to word that second one. Because you should be checking a box to enable something, not disable it.

Also available in: Atom PDF