Hey everybody,
I'm searching for a way to force a authentication for viewing a mantis bug/page. In the current configuration acess via adresses like "https://mantis.xxxxxx.net/view.php?id=5200#c19472" allows to view the bug. The choosen user is the oldest user in mantis.
Anybody has an idea? I was not able to find a solution.
Thank you.
MantisBT-Version 2.10.0
Schema-Version 209
Force authentication
Moderators: Developer, Contributor
Re: Force authentication
This is how Mantis works out of the box, you don't have to change anything for it.
Someone must have changed the following setting if viewing a bug without authentication is possible on your Mantis installation.
Code: Select all
$g_allow_anonymous_login = OFF;
Re: Force authentication
Thank you for the fast answer!I've set the setting $g_allow_anonymous_login = OFF already, but I found my mistake.
The acess on bugs in "public projects" is still possible. We use public projects for the reason we don't want to add any new user to all projects. Is there a way to hide "public projects" for users that are'nt logged in? Otherwise we need to change all public projects to private projects und
Thank you!
The acess on bugs in "public projects" is still possible. We use public projects for the reason we don't want to add any new user to all projects. Is there a way to hide "public projects" for users that are'nt logged in? Otherwise we need to change all public projects to private projects und
Thank you!
Re: Force authentication
I wouldn't expect this.
Are you 100% sure that you disabled anonymous access?
To be sure, visit the login page on your installation and compare it with the one form our bugtracker https://www.mantisbt.org/bugs/login_page.php
You should not see a link for anonymous login.
BTW, you should update your MantisBT Version 2.10.0 to latest one (2.18.0 at the moment), as we fixed a lot of bugs, especially security related ones since 2.10.0.