Feature: password authentification per spreadsheet #294
Comments
|
This is really the role of a CMS and at the point our recommendation is to use http://sandstorm.io/ which has a very fine-grained (read-only and read-write) ACL model. However pull requests or REST API design documents are still welcome! |
|
+1 on this! |
|
I think it does not have to be the delegated to a cms, because I don't think about users rights and ACL models. I imagine password protection per spreadsheet. For example a check box where you can activate password protection and have to set the password. The password is stored in the spreadsheet data and gets evaluated, if someone want to access this spreadsheet. |
|
Having the spreadsheets password protected would be very useful. On the field, there are many users that would benefit from this feature. @audreyt I would be keen to work on a patch for this, but need some guidance as to where to start. Would you be so keen to get me started? Thanks for the great piece of software anyway. |
|
One can start with REST API endpoints that PUTs to an additional |
|
Hi there, |
|
@PhilLAL https://sandstorm.io/ has ethercalc with passwords @ponchowang did look at adding permission management see #416 |
What do you think of this proposal for password protection that would offer a certain level of access restriction along with privacy: even server would not store a "clear" version of the spreadsheet. The idea would be, when user defines a password for a spreadsheet to get SocialCalc encrypt cell before transmitting them: Istead of emitting There will certainly be an issue with the server side SocialCalc which cannot be updated correctly because of server not having the password ... we will need to find a way around. |
|
I did look at options for it maybe 2 years ago. Sandstorm version has passwords. But I don't think anyone is working on it, I expect it is a time/money issue.
…---
Eddy Parkinson PhD
Software Engineering and Logistics
Mobile 0406 962 958
New ideas pass through three periods: 1) It can`t be done. 2) It
probably can be done, but it`s not worth doing. 3) I knew it was a good
idea all along! - Arthur C. Clarke
On Wednesday, 15 March 2017, 08:17:28 GMT+10:30, PhilLAL <[email protected]> wrote:
Hi there,
is there any news about this enhancement?
It seems a lot of people see password protection of a calc as mandatory, moreover when they come from googlecalc.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
Did not try sandstorm.io but seems to require user accounts, what I wanted is to keep the "spirit" of ethercalc : to set up is just simple password protection of a given sheet without need of user management. |
Use case?Why do you want to hide a cell value. What is the use case? feasible to modifyyes, it is easy to hide the cell value, but a programmer could find the value if they wanted. |
|
I know this is kinda an old feature, but this is the only feature stopping me from using EtherCalc, really impressed with it but i'd be worried about putting financial data on it if there is a chance someone can stumble across it. Any news on this? :) Great work btw |
|
@JS-E https://sandstorm.io/ version has passwords. It lets you share sheets. Depends what level of sharing you want (account/sheet/cell/read/write). |
|
@eddyparkinson Appreciate the reply, had a little look/messed about with it. Looks awesome. Getting a few issues with the wildcard url stuff but it will work nicely for my requirements :) Thanks! |
|
@JS-E If you have any issues with Sandstorm, feel free to open an issue on sandstorm-io/sandstorm Issues. Wildcard setup is indeed a challenge for many, but it's crucial to the security model. Depending what your scenario is, there's a few options such as Sandcats for external use or xip.io for internal use, and if you have any ideas where we can improve here, let us know! |
|
@ocdtrekkie Thanks for the reply, i've sent an email with my issue to [email protected] with a bit more of a description of my issue. I'll happily send feedback on things i think could be improved once i get it up and running :) |
|
@JS-E Note that the email list or GitHub issues will get a response much faster than contact@. |
|
@ocdtrekkie Understood, but i feel this is more me doing something wrong than a bug or a fault with the system itself. Didn't want to raise an issue if it's just me being a pleb haha |
|
@JS-E We consider anything that isn't a technical bug to potentially be a documentation bug. ;) contact@ usually gets checked only on weekends probably. |
|
@ocdtrekkie Fair point haha i'll mention it in an issue :) |
|
Note that you could dork them as well so the random url is not a security layer so far.
|
|
@hell It's probably a good idea if EtherCalc privacy is important to you to ensure search engines aren't crawling your server. (And I wouldn't assume ethercalc.org is an inherently secure place to store your data.) I would characterize EtherCalc as a spreadsheet product, not a security product, and EtherCalc doesn't really have the scale of development resources such that you'd want to rely on it managing it's own security. Sandstorm, Cloudron, and other self-hosting platforms often are security products, and you can hence run EtherCalc securely in them. |
It would be great to have the opportunity that users/authors of spreadsheet could set a password for accessing their sheet.
Most of the time spreadsheets are used to organize stuff and they contain sensitive data, which should not be exposed to the web.
In addition to the random url, it would be great if the author of the spreadsheet could set a password on his/her own.
Delegating the auth mechanism to apache / nginx as described in #4 , #166 is only an option for the server administrator and not for the users.
The text was updated successfully, but these errors were encountered: