View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000223 | Main CAcert Website | account administration | public | 2006-05-01 07:57 | 2016-08-28 08:44 |
| Reporter | Sourcerer | Assigned To | |||
| Priority | low | Severity | feature | Reproducibility | always |
| Status | confirmed | Resolution | open | ||
| Summary | 0000223: Auditor Interface | ||||
| Description | We need an auditor interface in the web-interface, both for internal and external auditors. The auditor should have the function of running predefined queries against the database, and see the result of them. Needed functionality: * List of all accounts with the Admin Bit * List of all accounts with non-[A-Za-z0-9] characters in any fields * List of all certificate with Punicode in it * List of all Orga-Assurers, together with their country * List of all Location-DB-Admins, together with their country * List of all countries, and the amount of assurers, users (certificates) in that country ... | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||
| related to | 0001136 | closed | BenBE | Main CAcert Website | Extend SE console with the functionality to revoke all user certificates of an user account |
| related to | 0000591 | confirmed | Main CAcert Website | CPS has to be improved for audit. | |
| related to | 0000592 | confirmed | Main CAcert Website | The domain name checking have to be improved to be auditable | |
| related to | 0000593 | confirmed | Main CAcert Website | Org client certificates CN field cannot be verified | |
| related to | 0000612 | needs review & testing | NEOatNHNG | Main CAcert Website | Add IP address and time stamp to someone viewed your lost password questions notice. |
| related to | 0000815 | new | Main CAcert Website | Auditing functions for organisation assurance | |
| related to | 0000826 | new | Main CAcert Website | Auditing features for fighting abuse of CAcert systems in regard of adding domain/email addresses | |
| related to | 0000888 | closed | NEOatNHNG | Main CAcert Website | to add new assurance method TTP |
| related to | 0001007 | needs work | Main CAcert Website | add 5 Experience points for ATE attendance form | |
| related to | 0001134 | closed | NEOatNHNG | Main CAcert Website | Delete the board flag thourougly in all parts of our software |
| related to | 0001135 | closed | egal | Main CAcert Website | Extend database table AdminLog et al |
| related to | 0001157 | new | INOPIAE | test.cacert.org | Extend TMS for audit functionality |
|
|
This could also be extended to a Apache logfile analysis. There have been exploits in the CAcert source that could only detected by looking at the Apache logfiles. e.g. http://bugs.cacert.org/view.php?id=152 |
|
|
* List of all accounts that have >= 50 points, and have been assured by less than 2 people * List of all accounts that have >= 100 points, and have been assured by less then 3 people |
|
|
Is there an Arbitration ruling to provide this kind of access? Else this would neither be covered by Security Policy nor by Privacy Policy. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2006-05-01 07:57 | Sourcerer | New Issue | |
| 2006-05-01 07:57 | Sourcerer | Status | new => needs work |
| 2006-05-01 07:57 | Sourcerer | Assigned To | => bluec |
| 2006-05-01 08:00 |
|
Note Added: 0000214 | |
| 2006-05-01 08:00 | Sourcerer | Note Added: 0000215 | |
| 2007-10-24 05:45 | evaldo | Assigned To | bluec => |
| 2007-10-24 05:45 | evaldo | Priority | normal => low |
| 2007-10-24 05:45 | evaldo | Status | needs work => confirmed |
| 2012-12-20 18:37 | Werner Dworak | Relationship added | related to 0000591 |
| 2012-12-20 18:38 | Werner Dworak | Relationship added | related to 0000592 |
| 2012-12-20 18:39 | Werner Dworak | Relationship added | related to 0000593 |
| 2012-12-20 18:39 | Werner Dworak | Relationship added | related to 0000612 |
| 2012-12-20 18:40 | Werner Dworak | Relationship added | related to 0000815 |
| 2012-12-20 18:41 | Werner Dworak | Relationship added | related to 0000826 |
| 2012-12-20 18:41 | Werner Dworak | Relationship added | related to 0000888 |
| 2012-12-20 18:43 | Werner Dworak | Relationship added | related to 0001007 |
| 2013-01-09 04:13 | Werner Dworak | Relationship added | related to 0001134 |
| 2013-01-09 08:15 | INOPIAE | Relationship added | related to 0001136 |
| 2013-01-09 11:00 | Werner Dworak | Relationship added | related to 0001135 |
| 2013-03-17 08:57 | INOPIAE | Relationship added | related to 0001157 |
| 2016-08-28 08:44 | Eva | Note Added: 0005527 |
