Issue 1656: The gerrit web front end is publicly viewable without even being a registered user
Status:  Invalid
Owner: ----
Closed:  Nov 2012
Reported by chapp...@gmail.com, Nov 10, 2012
************************************************************
***** NOTE: THIS BUG TRACKER IS FOR GERRIT CODE REVIEW *****
***** DO NOT SUBMIT BUGS FOR CHROME, ANDROID, INTERNAL *****
***** ISSUES WITH YOUR COMPANY'S GERRIT SETUP, ETC.    *****
***** THOSE ISSUE BELONG IN DIFFERENT ISSUE TRACKERS!  *****
************************************************************

Affected Version:

2.5

What steps will reproduce the problem?
1. Access a gerrit site for which you do not have a user account
2. Browse through all of the information it provides.

What is the expected output? What do you see instead?

I would expect there to be an option to lock down the main web front end so that unregistered users cannot browse through all of the information. I realize that gerrit is used in many cases where the repositories are public. However, in my case I would like to use it in a commercial environment where not all of the repositories are suitable to public viewing. Even within the organization itself. It would be nice to guard access via a login screen. In addition to this, giving the administrators control to add/remove users would be required.

Nov 10, 2012
Project Member #1 edwin.ke...@gmail.com
Just make sure that read access is not granted to 'Anonymous Users', then you shouldn't see anything if you're not logged in.
Nov 13, 2012
#2 david.ch...@exinda.com
Perfect. That worked :) Still getting used to the flexibility of the access control mechanisms.
Nov 13, 2012
Project Member #3 edwin.ke...@gmail.com
(No comment was entered for this change.)
Status: Invalid