Hi all!
Exciting news - Upsert has revived the open-source IP Restriction Manager! It's completely updated for Sugar 12.0+ and, best of all, it's free!
What's so improved about it?
Increased Security
Previously, the IP Restriction Manager only restricted access during authentication and token refreshes. This is problematic, as a user's IP could change during the session. It would also allow an attacker to gain access into the application if they have stolen an access token. We've corrected this by revamping the plugin to validate all authenticated requests.
Better Performance
We've revisited the user access checks and improved everything from code to queries so that user experience doesn't suffer. We've also implemented caching for faster requests
New Configurations
We've added the following configurations:
- Disable the plugin at an administrative level
- Enable user restriction caching for faster performance
- Enable in-app logging for user troubleshooting
Neat and Tidy
Extra libraries no more! Because SugarCRM has updated the libraries they use, we no longer need to ship the Symfony HttpFoundation component library. You'll also find a new organizational approach to the code and its structure.
Blog: https://upsertconsulting.com/blog/2022/an-oldie-but-a-goodie/
Download: https://upsertconsulting.com/plugins/ip-restriction-manager/