CAcert Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000223Main CAcert Websiteaccount administrationpublic2006-05-01 07:572016-08-28 08:44
ReporterSourcerer 
Assigned To 
PrioritylowSeverityfeatureReproducibilityalways
StatusconfirmedResolutionopen 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0000223: Auditor Interface
DescriptionWe need an auditor interface in the web-interface, both for internal and external auditors.
The auditor should have the function of running predefined queries against the database, and see the result of them.
Needed functionality:
* List of all accounts with the Admin Bit
* List of all accounts with non-[A-Za-z0-9] characters in any fields
* List of all certificate with Punicode in it
* List of all Orga-Assurers, together with their country
* List of all Location-DB-Admins, together with their country
* List of all countries, and the amount of assurers, users (certificates) in that country
...
TagsNo tags attached.
Reviewed by
Test Instructions
Attached Files

- Relationships
related to 0001136closedBenBE Main CAcert Website Extend SE console with the functionality to revoke all user certificates of an user account 
related to 0000591confirmed Main CAcert Website CPS has to be improved for audit. 
related to 0000592confirmed Main CAcert Website The domain name checking have to be improved to be auditable 
related to 0000593confirmed Main CAcert Website Org client certificates CN field cannot be verified 
related to 0000612needs review & testingNEOatNHNG Main CAcert Website Add IP address and time stamp to someone viewed your lost password questions notice. 
related to 0000815new Main CAcert Website Auditing functions for organisation assurance 
related to 0000826new Main CAcert Website Auditing features for fighting abuse of CAcert systems in regard of adding domain/email addresses 
related to 0000888closedNEOatNHNG Main CAcert Website to add new assurance method TTP 
related to 0001007needs work Main CAcert Website add 5 Experience points for ATE attendance form 
related to 0001134closedNEOatNHNG Main CAcert Website Delete the board flag thourougly in all parts of our software 
related to 0001135closeddastrath Main CAcert Website Extend database table AdminLog et al 
related to 0001157newINOPIAE cacert1.it-sls.de Extend TMS for audit functionality 

-  Notes
(0000214)
bluec (manager)
2006-05-01 08:00

This could also be extended to a Apache logfile analysis. There have been exploits in the CAcert source that could only detected by looking at the Apache logfiles.

e.g. http://bugs.cacert.org/view.php?id=152 [^]
(0000215)
Sourcerer (administrator)
2006-05-01 08:00

* List of all accounts that have >= 50 points, and have been assured by less than 2 people
* List of all accounts that have >= 100 points, and have been assured by less then 3 people
(0005527)
Eva (updater)
2016-08-28 08:44

Is there an Arbitration ruling to provide this kind of access? Else this would neither be covered by Security Policy nor by Privacy Policy.

- Issue History
Date Modified Username Field Change
2006-05-01 07:57 Sourcerer New Issue
2006-05-01 07:57 Sourcerer Status new => needs work
2006-05-01 07:57 Sourcerer Assigned To => bluec
2006-05-01 08:00 bluec Note Added: 0000214
2006-05-01 08:00 Sourcerer Note Added: 0000215
2007-10-24 05:45 evaldo Assigned To bluec =>
2007-10-24 05:45 evaldo Priority normal => low
2007-10-24 05:45 evaldo Status needs work => confirmed
2012-12-20 18:37 Werner Dworak Relationship added related to 0000591
2012-12-20 18:38 Werner Dworak Relationship added related to 0000592
2012-12-20 18:39 Werner Dworak Relationship added related to 0000593
2012-12-20 18:39 Werner Dworak Relationship added related to 0000612
2012-12-20 18:40 Werner Dworak Relationship added related to 0000815
2012-12-20 18:41 Werner Dworak Relationship added related to 0000826
2012-12-20 18:41 Werner Dworak Relationship added related to 0000888
2012-12-20 18:43 Werner Dworak Relationship added related to 0001007
2013-01-09 04:13 Werner Dworak Relationship added related to 0001134
2013-01-09 08:15 INOPIAE Relationship added related to 0001136
2013-01-09 11:00 Werner Dworak Relationship added related to 0001135
2013-03-17 08:57 INOPIAE Relationship added related to 0001157
2016-08-28 08:44 Eva Note Added: 0005527


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker