Consider removing untrusted checkbox

Created on 26 June 2024, 6 months ago

Problem/Motivation

A good discussion point I guess.

Currently users can tick a box to trust the wrong IPs and there's no option to remove this option from them. From my perspective it is really not a user option and should be moved to the main configuration so it can be restricted behind a configuration area (or maybe made so that the ability to use it can be turned off).

It's also probably not the best approach as it trusts ALL incoming IPs - meaning all trust is broken - any visitor just needs to whack in the IP in the X-Forwarded-For or other trusted header and they match the condition, when likely there is one location with one proxy that needs trusting. Using the trusted proxies setup in Drupal would be better and is heavily vetted, but granted that changes the source IP for all code. But perhaps this is for the system admin to resolve safely, or requires a new syntax for listing the trusted proxies for an address match, but I think that is beyond what a standard user is familiar with.

Steps to reproduce

-

Proposed resolution

Allow hiding untrusted checkbox or remove it and rely on Drupal trusted proxy setup.

Remaining tasks

-

User interface changes

-

API changes

-

Data model changes

-

Feature request
Status

Active

Version

1.0

Component

Code

Created by

🇬🇧United Kingdom Driskell
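Added example, not part of the original issue and not the module's or Drupal's own code: a comparison of trusting X-Forwarded-For from any sender with honouring it only when the connection comes from a listed proxy. The function names, addresses and the exact-match proxy list are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Behaviour the issue describes: the header is believed whoever sent it.
function client_ip_trust_all(string $remoteAddr, ?string $xff): string {
  if ($xff === null || trim($xff) === '') {
    return $remoteAddr;
  }
  // The left-most entry is whatever the original sender typed.
  return trim(explode(',', $xff)[0]);
}

// Trusted-proxy resolution: the header counts only when the TCP peer is a
// listed proxy, and the chain is read right to left past listed proxies.
function client_ip_trusted_proxies(string $remoteAddr, ?string $xff, array $proxies): string {
  if ($xff === null || !in_array($remoteAddr, $proxies, true)) {
    return $remoteAddr;
  }
  $hops = array_map('trim', explode(',', $xff));
  for ($i = count($hops) - 1; $i >= 0; $i--) {
    if (filter_var($hops[$i], FILTER_VALIDATE_IP) === false) {
      return $remoteAddr; // Malformed chain: fall back to the TCP peer.
    }
    if (!in_array($hops[$i], $proxies, true)) {
      return $hops[$i]; // First hop not vouched for by our own proxies.
    }
  }
  return $remoteAddr; // Every hop was one of our proxies.
}

// Constructed sample data (documentation address ranges).
$allowed = '203.0.113.10';   // Address the restriction is meant to match.
$proxies = ['10.0.0.5'];     // The one reverse proxy in front of the site.
$cases = [
  'direct, forged header'   => ['198.51.100.7', '203.0.113.10'],
  'via proxy, forged entry' => ['10.0.0.5', '203.0.113.10, 198.51.100.7'],
  'via proxy, honest'       => ['10.0.0.5', '203.0.113.10'],
];
foreach ($cases as $label => [$peer, $xff]) {
  $naive = client_ip_trust_all($peer, $xff);
  $strict = client_ip_trusted_proxies($peer, $xff, $proxies);
  printf("%-24s trust-all: %-13s %-5s trusted-proxy: %-13s %s\n", $label,
    $naive, $naive === $allowed ? 'MATCH' : 'no',
    $strict, $strict === $allowed ? 'MATCH' : 'no');
}
```

In Drupal itself the corresponding allow-list is `$settings['reverse_proxy_addresses']` in settings.php, enabled with `$settings['reverse_proxy'] = TRUE;`.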
