Security

We currently have our Amigopod set up to send an email notification to a sponsor who can either accept or deny the guests request for access.  It works great but the questions being asked are these accept or denies being logged somewhere, can they be exported?.  The second question is what happens if the request is ignored.  The guest never gains access but how long goes the request remain in the system?  I've looked but haven't been able to find anything in the Amigopod to answer these.

Sorry, just saw I posted in the wrong place :smileyembarrassed:

---

@wmccall wrote:

Sorry, just saw I posted in the wrong place :smileyembarrassed:

---

No worries, your post has been moved for better exposure. :)

It stays there forever, but:

- The user is created when the request is sent out, but is disabled.  

- By default that user is created and the clock is ticking on that user account when the request is sent.

- If the user only has a lifetime of 1 day, the user will expire, whether approved or not, and it does not matter if the link is clicked to enable that user.

Long story short, is it not the request that is important; it is the user creation.

Not quite forever.  The registration will be setting whatever your desired expiration is (expire_after, or expire_time).  If your expire action is to delete (do_expire of 3 or 4), then the account will be deleted at that time whether accepted or not.  The tokens to confirm a user are directly tied to the user account and are deleted at the same time.

Thanks for the insight.

And the logging question?

yes,

If yo go to Support> Application log, you will see a long list of everything that everybody has done, along with the ip address that they did it from.  That is the most comprehensive list of who-did-what.

If you have one setup a syslog server as well so you can report on it.