I have some exciting requirements from a client on the table and I think I have solved them. But I wanted to reflect with you briefly to make sure I haven't overlooked anything. The client uses Limesurvey less for surveys and more as forms. So, for example, holiday applications, etc. These are all internal and secured via a reverse proxy, so that only logged-in users can access the surveys.Now, however, there will also be forms that should be publicly accessible. So, for example, sending a customer a link so they can fill out an order, etc.We don't want to create extra users for the secure internal area, as this would come with all sorts of effort (extended user management, roles, external users would have to register, etc).I've solved it like this: Limesurvey is installed again, accesses the same database as the internal version, but the path is public and excluded from the authentication mechanism of the reverse proxy.When you call up a survey via the public path, you can access it without authentication.This works - I've already tested it.My question to you: Am I overlooking something from a security perspective? For example, I will delete all the admin modules in the public path so that the admin area can't even be called up.Thank you very much for your feedback.

How is managed Authentication ?

1. DB user can still have access to admin part. Need a way to disable authentication (and remote control) link (can be done via vhost or nginx config)
2. All survey can be accessed by public url.

Thank you for your answer!

All internal surveys are closed access and need a token to be used. We have a customized internal interface from which employees can start the surveys and a token is created on the fly. Which in turn is not accessible publicly.

Normal users (authenticated via an auth service) don't have a LS user. Only admins.

When an internal survey is opened via the public path, LS asks for the token.

OK,
Still : How you disable access to authenticatoion via DB password ?

Quick (and dirty) way :
1. remove/rename : github.com/LimeSurvey/LimeSurvey/blob/ma...n/Authentication.php
2. remove/rename github.com/LimeSurvey/LimeSurvey/blob/ma...in/RemoteControl.php

Best way : send a 401 with your nginx/apache config according to URL (depend of your server: can not answer here).

I am not sure I can follow you.
Nobody has the DB password but me and the server admin of my customer.

Or do you mean a different password than the one from the db user we add in the installation process

The 1st user, is a superadmin.
You can not deactivate permission to connect via username/password (from DB).

 

manual.limesurvey.org/Manage_users/en#Se...rmissions_for_a_user

Ok got you now. The first user is me on the private as well as on the public.

But your point is correct anyway. This is why I wanted the deleted the whole admin module in the public installation but I really like your idea do just send an 404 for all admin paths.

Thank you very much for your thoughts and feedback

401 no access.

yes good catch!

one last question: any idea how I can disable best the public homepage? I don't find which file generates it - all the assets are loaded from temp/ twig cache also the translation points to an php in temp/twig cache

You can modify what is displayed in the survey theme twig file(s).

Thank you