Force authentication

Get help from other users here.

Moderators: Developer, Contributor

Post Reply
habben2
Posts: 2
Joined: 20 Nov 2018, 09:23

Force authentication

Post by habben2 »

Hey everybody,

I'm searching for a way to force a authentication for viewing a mantis bug/page. In the current configuration acess via adresses like "https://mantis.xxxxxx.net/view.php?id=5200#c19472" allows to view the bug. The choosen user is the oldest user in mantis.

Anybody has an idea? I was not able to find a solution.

Thank you.

MantisBT-Version 2.10.0
Schema-Version 209
atrol
Site Admin
Posts: 8366
Joined: 26 Mar 2008, 21:37
Location: Germany

Re: Force authentication

Post by atrol »

habben2 wrote: 20 Nov 2018, 09:34 I'm searching for a way to force a authentication for viewing a mantis bug/page.
This is how Mantis works out of the box, you don't have to change anything for it.

Someone must have changed the following setting if viewing a bug without authentication is possible on your Mantis installation.

Code: Select all

$g_allow_anonymous_login = OFF;
Please use Search before posting and read the Manual
habben2
Posts: 2
Joined: 20 Nov 2018, 09:23

Re: Force authentication

Post by habben2 »

Thank you for the fast answer!I've set the setting $g_allow_anonymous_login = OFF already, but I found my mistake.

The acess on bugs in "public projects" is still possible. We use public projects for the reason we don't want to add any new user to all projects. Is there a way to hide "public projects" for users that are'nt logged in? Otherwise we need to change all public projects to private projects und

Thank you!
atrol
Site Admin
Posts: 8366
Joined: 26 Mar 2008, 21:37
Location: Germany

Re: Force authentication

Post by atrol »

habben2 wrote: 21 Nov 2018, 09:36 The acess on bugs in "public projects" is still possible.
I wouldn't expect this.
Are you 100% sure that you disabled anonymous access?

To be sure, visit the login page on your installation and compare it with the one form our bugtracker https://www.mantisbt.org/bugs/login_page.php

You should not see a link for anonymous login.

BTW, you should update your MantisBT Version 2.10.0 to latest one (2.18.0 at the moment), as we fixed a lot of bugs, especially security related ones since 2.10.0.
Please use Search before posting and read the Manual
Post Reply