Issue #343 wontfix

scmadmin - disable login from internet, but allow internally - feature request

Scott Russell
created an issue

Hi, This is a recurring theme that appears across many open source projects. Since we are an enterprise organisation, we do not allow admin access to applications from the internet. Admin access has to be done, internally(this may be allowed via a vpn connection from the internet, but for all intents and purposes, the connection is from our internal network).
To facilitate this, we have seen some projects provide two separate war files. Once for "normal" user access, and one for the admin user to access. This means we can deploy the admin user on a separate jvm, and hence have a nice sandboxed access to administration. This can listen on another ip/port, which would allow us to separate admin access from normal user access.
In other words, no matter how hard a black hat tries, there is no admin functionality available on the internet facing application(eg. scmadmin does not exist).
Not sure if this is currently possible, appreciate any feedback on your thougths as to the practicality of doing such a setup.

                     thanks for a great product, and keep up the good work

                                                Sc0tt..

Comments (4)

  1. Gabriel D

    Just curious why don't you just run 2 different scm-managers one with admins and one with non admin permissions just aimed at the same home directory?

  2. Sebastian Sdorra repo owner

    This is not a good idea. You should never run two instances on the same home directory, because one instance could override the changes of the other instance.

  3. Log in to comment