public inbox for pbs-devel@lists.proxmox.com
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox Backup Server development discussion
	<pbs-devel@lists.proxmox.com>,
	Gabriel Goller <g.goller@proxmox.com>
Subject: Re: [pbs-devel] [PATCH backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login
Date: Wed, 22 May 2024 17:31:14 +0200
Message-ID: <1b388e0c-1239-4f91-9273-c329180ff4ec@proxmox.com>
In-Reply-To: <20240522131950.247728-1-g.goller@proxmox.com>

On 22/05/2024 at 15:19, Gabriel Goller wrote:
> This has been requested many times already for all products. To keep 
> it simple as it's still quite a niche feature, works with a single file:
> /etc/proxmox-backup/consent.txt. If the file exists and is not empty, 
> a consent banner will be shown in front of the login view.
> 
> This is just a reference implementation for pbs to get some feedback
> and check if my general approach is alright. The same implementation 
> will then be ported to pve and eventually pmg.
> 
> Another disclaimer: IANAL (I am not a lawyer :) ), so the wording is 
> probably off. 

A few general questions for you and/or the original requester of this
feature:

This is currently still missing any actual barrier as it's all frontend,
shouldn't there be a cookie that is checked on the backend side if a
consent.txt exists? If this specific consent type (RMF AC-8 for US gov)
doesn't need that, it might be worth replacing the generic text box
with a type selection for that, we could always add a "custom" type
that takes a generic text and extend that with an option about how
strictly it should be checked, if we get this now.

And how should API calls made using API tokens get handled, should they
have a header signalling consent or not? If so, should there be a set of
standard consents that one can explicitly consent to? As a blanket
consent to an unknown text would not be of much use.

I'd in any case limit the length of the consent text to a relatively
high boundary, like 10 KiB.

Did you think about interpreting and rendering this as Markdown?

Did you check if there already exist (FLOSS) proxies that implement
this functionality by placing it between the user and any HTTP served
page/tool/ui, as that would not require us to do anything at all
(well, besides documenting it)?


_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
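
One way the backend-side check raised in this reply could look, as an added example that is not code from the patch series or from Proxmox: the server caps the banner at 10 KiB and accepts a request only if it carries the digest of the banner text currently in force, so consent is always to a known text. The cookie name, header name and function names are assumptions made for illustration.

```python
import hashlib
from pathlib import Path
from typing import Mapping, Optional

MAX_CONSENT_BYTES = 10 * 1024         # the 10 KiB bound suggested in the mail
CONSENT_COOKIE = "ConsentDigest"      # hypothetical cookie name (browser sessions)
CONSENT_HEADER = "x-consent-digest"   # hypothetical header name (API-token clients)


def load_consent(path: Path) -> Optional[bytes]:
    """Return the banner text, or None when the file is missing or empty,
    which is the "feature disabled" case described in the cover letter."""
    try:
        with path.open("rb") as fh:
            # Read one byte past the limit so an oversized file is detected
            # without loading all of it into memory.
            data = fh.read(MAX_CONSENT_BYTES + 1)
    except FileNotFoundError:
        return None
    if len(data) > MAX_CONSENT_BYTES:
        raise ValueError("consent text exceeds the 10 KiB limit")
    return data if data.strip() else None


def consent_digest(text: bytes) -> str:
    """Identifier of one exact banner text; it changes whenever the text does."""
    return hashlib.sha256(text).hexdigest()


def consent_given(text: Optional[bytes],
                  cookies: Mapping[str, str],
                  headers: Mapping[str, str]) -> bool:
    """Server-side gate: True only if the request acknowledges the current text."""
    if text is None:
        return True                   # no banner configured, nothing to enforce
    presented = cookies.get(CONSENT_COOKIE) or headers.get(CONSENT_HEADER)
    # The digest is not a secret (the banner is shown before login); it only
    # records which text was acknowledged, so a plain comparison is enough.
    return presented == consent_digest(text)


if __name__ == "__main__":
    banner = b"Authorized use only. Activity may be monitored.\n"  # constructed sample
    digest = consent_digest(banner)
    print(consent_given(banner, {}, {}))                        # no consent sent
    print(consent_given(banner, {CONSENT_COOKIE: digest}, {}))  # browser cookie
    print(consent_given(banner, {}, {CONSENT_HEADER: digest}))  # API-token header
```

Because the digest is derived from the text, editing consent.txt invalidates every earlier acknowledgement, and an API client cannot send a blanket consent without knowing which text it refers to.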

