

JellyWeb

67 posts

Master Geek


#60432 26-Apr-2010 08:15

Dear Kirk and team,

I have asked this via your support channel (more than once), but never got a response, so going public, and hoping some other Xero users will back me on this.

We've been using Xero for well over a year now, and I've always been concerned about the fact that our staff can access Xero from anywhere.

What I have asked for is the ability to lock down access per user by IP address, so that our admin staff can only access Xero from our office. Obviously business owners would need to control this on a per user basis, so they (or anyone they want to trust) could continue to access Xero from home or mobile. i.e. Access control via IP address should be optional (per user).

Being an asp.net web developer I know this is easy to do (because we've actually done exactly this for one of our clients' web admin systems), but to be fair I don't have any insight to how your authentication systems work, and possible other issues.

This would be a huge selling point of Xero for those who fear putting their accounting system in the cloud makes it far too easy for their confidential financial information to be 'leaked' out by staff members.

Does anyone else agree this would be a great feature?  I would love to see it implemented soon.

Many thanks,
Tim

RodDrury
33 posts

Geek

Trusted
Xero

  #323033 26-Apr-2010 14:07

Hi Tim,

We always appreciate feedback and suggestions. We do monitor requests for new features carefully and the restriction of user access by IP address has not featured as a common request at this stage. While this would offer some increased security control, it would not stop an authorised user leaking information via reports or other forms if they wanted to, as they could with any system. It could also prove frustrating when a staff member wanted to urgently access Xero from home or other out-of-office locations for legitimate reasons. 

At this stage our thinking would be to extend the current view of a User's 'last login' details to include the last 10 logins and the associated IP address for each session. This would provide a broader audit trail of activity across all users with access to your organisation to help identify if any user's account had been compromised or shared with persons from other locations.

We'll be interested to see other customers' feedback on this discussion.

Cheers

Rod 





Xero (The world's easiest accounting system) | Xero Blog | 2009 Success & Survival Guide



 
 
 

freitasm
BDFL - Memuneh
78995 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #323036 26-Apr-2010 14:14

I agree with Rod on this. While it may give some a (false) sense of security, it does nothing to prevent actual leak of data. According to some reports, most of these leaks are either inside jobs, or trojans planted on computers that are allowed to access that data.

This restriction wouldn't make it any harder for people to get hold of this information if they really wanted to, but would make it harder for people who actually work with that every day...






JellyWeb

67 posts

Master Geek


  #323050 26-Apr-2010 14:30

Thanks Rod,

I hear where you're coming from. I agree that using any accounting system, a rogue employee could 'leak' financial data; my main point is with Xero this is incredibly easy as compared to something like MYOB. It also requires no planning or secrecy to take data outside of the company's office/network (for example they could get their smartphone out at the pub after a few beers and show financials to anyone who asks 'what's Xero like').

I like your suggestion, perhaps with addition of persisting the last known 5 [unique] IP addresses (so that it's clear to business owners if external access has happened).

At the moment our employee contract states that Xero should not be accessed outside our office, but there is no way of enforcing or tracking that. 

Maybe another way around this concern is for a list of allowed IP addresses, and an alert to administrators (upon next login) if a user logs in from any other IP address (eg ! Tim Thomas accessed this Xero account from 192.168.1.1 at 9.15 a.m on 14/04/2010). 

Thanks for listening!
Tim



RodDrury
33 posts

Geek

Trusted
Xero

  #323090 26-Apr-2010 15:43

Great ideas.

Rod 








patatrat
261 posts

Ultimate Geek


  #323091 26-Apr-2010 15:46

Hey guys.

I haven't used Xero, so I'm not sure what features you currently have regarding this sort of stuff. Looking at the original feature request, I can see how this would not be useful for the majority of users (one of the main advantages of using web-based SaaS is that you can use it from any computer / IP address).

However, to achieve what the OP wants, maybe a different tack could be used. Instead of locking down based on IP address, Xero could allow the user to view what users have logged on to the System, via what IP address.

Currently, most internet banking sites and even Gmail allow you to see when you were last logged on and what IP address you logged on with. If Xero provided the ability for the OP to generate a report that listed all users / IP address and times, the OP would be able to check if his staff have been logging in at home, and then handle the issue via some sort of business process.

It would just help the OP - it would also benefit the slightly paranoid, who want to check that someone else hasn't been using their account. Essentially, Xero will only be giving the users more information about their security so they can choose the most appropriate action.

Just an idea anyway. I'll send you an invoice for the analysis later, eh?

patatrat
261 posts

Ultimate Geek


  #323093 26-Apr-2010 15:49

JellyWeb: Thanks Rod,

I like your suggestion, perhaps with addition of persisting the last known 5 [unique] IP addresses (so that it's clear to business owners if external access has happened).




That is what I get for being a slow typer - you got there before I did.
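
The audit-trail ideas raised in this thread (recent unique login IPs per user, an optional per-user allow-list, and an administrator alert for logins from anywhere else), sketched as an added Python example. This is not code from any poster or from Xero; the user names, networks and login records are constructed, and the source IP is assumed to come from the server's own connection data rather than a client-supplied header.

```python
import ipaddress
from collections import defaultdict

# Hypothetical policy: users listed here may log in only from these networks.
# Users not listed (e.g. the business owner) stay unrestricted, as requested.
ALLOWED = {"admin1": ["203.0.113.0/24"]}

# Constructed sample login events: (user, source IP, timestamp).
LOGINS = [
    ("admin1", "203.0.113.10", "2010-04-14 09:15"),
    ("owner", "198.51.100.7", "2010-04-14 20:02"),
    ("admin1", "198.51.100.99", "2010-04-14 22:40"),
    ("admin1", "203.0.113.10", "2010-04-15 08:58"),
]

def normalise(ip):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) back to IPv4."""
    addr = ipaddress.ip_address(ip)
    return getattr(addr, "ipv4_mapped", None) or addr

def in_allowed(user, ip, policy):
    """True if the user is unrestricted or the IP is inside an allowed network."""
    nets = policy.get(user)
    if nets is None:
        return True  # the restriction is optional per user
    addr = normalise(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)

def audit(logins, policy, keep=5):
    """Return (alerts, recent); recent[user] is the last `keep` unique IPs,
    oldest first, and alerts lists every login from outside the allow-list."""
    alerts = []
    recent = defaultdict(list)
    for user, ip, when in logins:
        seen = recent[user]
        ip = str(normalise(ip))
        if ip in seen:
            seen.remove(ip)      # move a repeated address to the newest slot
        seen.append(ip)
        del seen[:-keep]         # drop addresses older than the last `keep`
        if not in_allowed(user, ip, policy):
            alerts.append(f"! {user} accessed this account from {ip} at {when}")
    return alerts, dict(recent)

if __name__ == "__main__":
    alerts, recent = audit(LOGINS, ALLOWED)
    print("\n".join(alerts))
    print(recent)
```
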
 
