View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000594 | bugs.cacert.org | public | 2008-08-12 18:54 | 2020-06-27 12:21 | |
Reporter | netsurf | Assigned To | jandd | ||
Priority | normal | Severity | tweak | Reproducibility | have not tried |
Status | closed | Resolution | suspended | ||
Summary | 0000594: Wrong remote IP address on password reset e-mail | ||||
Description | When requesting a password reset, an e-mail is sent with a link to reset your password. In this e-mail, you are also given the remote IP address of who requested the reset. Instead of my public IP address, I get this: Username: netsurf Remote IP address: 172.16.2.1 Presumably, this is the local gateway the server is behind as 172.16.0.0/16 is reserved for private use. | ||||
Tags | No tags attached. | ||||
|
quite right - the bug tracker is behind a SSL proxy which hides the IP of origin. Maybe if we get to deploying x509 authentication on the bug tracker bug 0000678 this problem will also be solved. |
|
No, that's not plausible. Adding certificate-based authentication will not change the output of the IP of origin (and may cause other issues, such as the continual need to patch bug-tracker software, as it is externally sourced...), and a password reset would not be necessary if one could login with a certificate. |
|
The bug tracking software could possible be fixed if the SSL proxy sets a X-Forwarded-For HTTP header. I don't know whether this is the case and whether mantis supports this (yet). |
|
I will have a look at whether it is possible to fix this with the current infrastructure. |
|
the current password reset mechanisms work differently. There is no email with an IP address anymore. |
Date Modified | Username | Field | Change |
---|---|---|---|
2008-08-12 18:54 | netsurf | New Issue | |
2009-06-03 04:11 | Daniel Black | Note Added: 0001424 | |
2009-06-03 04:13 | Daniel Black | Note Edited: 0001424 | |
2012-08-16 09:12 | DavidMcIlwraith | Note Added: 0003140 | |
2013-01-10 19:33 | jandd | Note Added: 0003637 | |
2013-01-10 19:34 | jandd | Assigned To | => jandd |
2013-01-10 19:34 | jandd | Note Added: 0003638 | |
2013-01-10 19:34 | jandd | Status | new => needs work |
2020-06-27 12:21 | jandd | Status | needs work => closed |
2020-06-27 12:21 | jandd | Resolution | open => suspended |
2020-06-27 12:21 | jandd | Note Added: 0005891 |