From: Dominik Csapak <d.csapak@proxmox.com>
To: Proxmox Backup Server development discussion
	<pbs-devel@lists.proxmox.com>,
	Thomas Lamprecht <t.lamprecht@proxmox.com>,
	Gabriel Goller <g.goller@proxmox.com>
Subject: Re: [pbs-devel] [PATCH backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login
Date: Thu, 23 May 2024 09:51:20 +0200
Message-ID: <a8fcc8af-5623-4d3c-a920-a3003d3a3580@proxmox.com>
In-Reply-To: <1b388e0c-1239-4f91-9273-c329180ff4ec@proxmox.com>

On 5/22/24 17:31, Thomas Lamprecht wrote:
> On 22/05/2024 at 15:19, Gabriel Goller wrote:
>> This has been requested many times already for all products. To keep
>> it simple as it's still quite a niche feature, works with a single file:
>> /etc/proxmox-backup/consent.txt. If the file exists and is not empty,
>> a consent banner will be shown in front of the login view.
>>
>> This is just a reference implementation for pbs to get some feedback
>> and check if my general approach is alright. The same implementation
>> will then be ported to pve and eventually pmg.
>>
>> Another disclaimer: IANAL (I am not a lawyer :) ), so the wording is
>> probably off.
> 
> A few general questions for you and/or the original requester of this
> feature:
> 
> This is currently still missing any actual barrier as it's all frontend,
> shouldn't there be a cookie that is checked on the backend side if a
> consent.txt exists? If this specific consent type (RMF AC-8 for US gov)
> doesn't need that, it might be worth replacing the generic text box
> with a type selection for that, we could always add a "custom" type
> that takes a generic text and extend that with an option about how
> strict it should be checked, if we get this now.

when checking https://csf.tools/reference/nist-sp-800-53/r5/ac/ac-8/
(not the "official" document, but very close; the original can be downloaded
in docx form here:
https://csrc.nist.rip/projects/risk-management/about-rmf/assess-step/assessment-cases-download-page)
it does not seem to be necessary for any cookie handling
since it just wants the disclaimer to be displayed before login

> 
> And how should API calls made using API tokens get handled, should they
> have a header signalling consent or not? If so, should there be a set of
> standard consents that one can explicitly consent to? As a blanket
> consent to an unknown text would not be of much use.


also it says that this is only for human interaction, so any api
access etc. is exempt IIUC

> 
> I'd in any way limit the length of the consent text to a relatively
> high boundary, like 10 KiB.
> 
> Did you think about interpreting and rendering this as Markdown?
> 
> Did you check if there already exist (FLOSS) proxies that implement
> this functionality by placing it between the user and any HTTP served
> page/tool/ui, as that would not require us to do anything at all
> (well, besides documenting it).

_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
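
Added example, not part of the original message or the patch series: one way a backend could load the banner text under the rules discussed in the thread (banner only if /etc/proxmox-backup/consent.txt exists and is not empty, text capped at 10 KiB). The names `MAX_CONSENT_LEN` and `load_consent_text` are hypothetical, and treating a whitespace-only file as empty and rejecting an oversized file with an error are assumptions.

```rust
// Added example, not code from the patch series. MAX_CONSENT_LEN and
// load_consent_text are hypothetical names chosen for illustration.
use std::fs::File;
use std::io::{self, ErrorKind, Read};
use std::path::Path;

/// Upper bound suggested in the thread: 10 KiB.
const MAX_CONSENT_LEN: u64 = 10 * 1024;

/// Ok(None): no banner (file missing, empty, or whitespace-only; the last
/// case is an assumption). Ok(Some(text)): show the banner.
/// Err: file larger than the cap, not valid UTF-8, or unreadable.
fn load_consent_text(path: &Path) -> io::Result<Option<String>> {
    let file = match File::open(path) {
        Ok(f) => f,
        Err(e) if e.kind() == ErrorKind::NotFound => return Ok(None),
        Err(e) => return Err(e),
    };
    // Read at most one byte past the cap, so an oversized file is detected
    // without ever being pulled into memory in full.
    let mut buf = Vec::new();
    file.take(MAX_CONSENT_LEN + 1).read_to_end(&mut buf)?;
    if buf.len() as u64 > MAX_CONSENT_LEN {
        return Err(io::Error::new(ErrorKind::InvalidData, "consent text exceeds 10 KiB"));
    }
    let text = String::from_utf8(buf)
        .map_err(|_| io::Error::new(ErrorKind::InvalidData, "consent text is not UTF-8"))?;
    if text.trim().is_empty() {
        return Ok(None);
    }
    Ok(Some(text))
}

fn main() -> io::Result<()> {
    // Constructed sample input in a temporary file, not the real config path.
    let path = std::env::temp_dir().join(format!("consent-demo-{}.txt", std::process::id()));
    std::fs::write(&path, "Authorized use only.\n")?;
    println!("{:?}", load_consent_text(&path)?);
    std::fs::remove_file(&path)?;
    Ok(())
}
```
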


Thread overview: 15+ messages
2024-05-22 13:19 Gabriel Goller
2024-05-22 13:19 ` [pbs-devel] [PATCH proxmox-backup 1/4] api: add consent api handler and config Gabriel Goller
2024-05-22 13:19 ` [pbs-devel] [PATCH proxmox-backup 2/4] ui: show consent banner before login Gabriel Goller
2024-05-22 15:21   ` Thomas Lamprecht
2024-05-23  9:41     ` Gabriel Goller
2024-05-22 13:19 ` [pbs-devel] [PATCH proxmox-backup 3/4] docs: add section about consent banner Gabriel Goller
2024-05-22 13:19 ` [pbs-devel] [PATCH backup 4/4] window: add consent modal Gabriel Goller
2024-05-22 15:31 ` [pbs-devel] [PATCH backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login Thomas Lamprecht
2024-05-23  7:51   ` Dominik Csapak [this message]
2024-05-23  9:24     ` Thomas Lamprecht
2024-05-23 12:10       ` Gabriel Goller
2024-05-23 12:42         ` Thomas Lamprecht
2024-05-28  8:18           ` Gabriel Goller
2024-05-28  8:33             ` Gabriel Goller
2024-06-04 12:50 ` Gabriel Goller