necouchman commented on PR #911: URL: https://github.com/apache/guacamole-client/pull/911#issuecomment-1741607122
> What's the intended behavior for the case that an address matches subnets/addresses within both the enforce list and the bypass list? That's a good point - probably should give some more intentional thought to that. As it is currently written, as soon as an address is found in the bypass list, the user verification function will return, bypassing MFA authentication, and the enforcement list will never be processed. I'm tempted to re-arrange things a bit where enforcement would actually "take precedence", and that a host in both lists would always be enforced. That seems like the more security-conscious way to go. I'm open to suggestions, opinions, or discussion, though! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
