When working on a pentest customer's equipment, it would be nice to access SysReptor and directly insert screenshots, notes, findings (instead of collecting evidence, transferring, uploading).
However, the customer controls the equipment and might compromise the SysReptor user and thereby data of other projects.
To resolve this, we might allow users to create sub-users that are restricted to a single project.
Pentest customers could then also compromise the user but only get access to the current (customer's) project.
This sub-user could also create (or use) an API token to be able to use reptor (CLI) and the regular API.
The API token can expire as soon as the project is finished.
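
A minimal model of the access rule proposed above, added here as an illustration; it is not part of the issue and not SysReptor code. All names (`Principal`, `ApiToken`, `create_sub_user`, `authorize`, `finish_project`) are hypothetical, regular users are modelled as unrestricted for simplicity, and the rule that sub-users cannot create further sub-users is an added assumption.

```python
"""Added sketch of the proposed sub-user model; every name is hypothetical, not SysReptor's API."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class Principal:
    name: str
    project_scope: Optional[str] = None  # None = regular user, else the single project id

@dataclass
class ApiToken:
    owner: Principal
    expires_at: datetime

def create_sub_user(parent: Principal, project_id: str) -> Principal:
    # Assumption: a sub-user must not mint further sub-users, or the scope could be widened.
    if parent.project_scope is not None:
        raise PermissionError("sub-users cannot create sub-users")
    return Principal(f"{parent.name}+{project_id}", project_scope=project_id)

def authorize(token: ApiToken, project_id: str, now: datetime) -> bool:
    """Deny by default: expired tokens and out-of-scope projects are rejected."""
    if now >= token.expires_at:
        return False
    scope = token.owner.project_scope
    return scope is None or scope == project_id

def finish_project(project_id: str, tokens: list[ApiToken], now: datetime) -> int:
    """Expire every sub-user token pinned to the finished project; return the count."""
    expired = 0
    for token in tokens:
        if token.owner.project_scope == project_id and token.expires_at > now:
            token.expires_at = now
            expired += 1
    return expired

def demo() -> dict:
    # Constructed sample data: one pentester, two customer projects.
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    sub = create_sub_user(Principal("alice"), "customer-a")
    token = ApiToken(sub, now + timedelta(days=14))
    before = (authorize(token, "customer-a", now), authorize(token, "customer-b", now))
    finish_project("customer-a", [token], now + timedelta(days=5))
    after = authorize(token, "customer-a", now + timedelta(days=5))
    return {"before": before, "after": after}

if __name__ == "__main__":
    print(demo())
```

A token taken from the customer's machine reaches only `customer-a`, and stops working once that project is finished, even though its original expiry was later.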