FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Bug Reports » Forum Security Problem! If "Forum Info" enabled
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
icon4.gif  Forum Security Problem! If "Forum Info" enabled [message #8919] Sat, 01 March 2003 20:49 Go to next message
kaepten is currently offline  kaepten   Switzerland
Messages: 9
Registered: February 2003
Karma: 0
Junior Member
If "Forum Info" is enabled every new message ist shown in the info Box.

The permissions of the "Group Manager" are inoperative.

A new message in a forum which permissions are hidden=false and read=false for unregistered users is shown in the Info Box an browsable for any user!

cheers
kaepten

There are additional problems of this type. In the profile of a user is the last posted message visible and browsable! For me is this a big problem, because i have a lot of different forums with different users/permissions. But with whis security hole, all group permissions are useless!


** my sig **

[Updated on: Sat, 01 March 2003 21:12]

Report message to a moderator

Re: Forum Security Problem! If "Forum Info" enabled [message #8944 is a reply to message #8919] Mon, 03 March 2003 14:37 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
Which version of the forum are you using?

FUDforum Core Developer
Re: Forum Security Problem! If "Forum Info" enabled [message #8946 is a reply to message #8944] Mon, 03 March 2003 14:42 Go to previous messageGo to next message
kaepten is currently offline  kaepten   Switzerland
Messages: 9
Registered: February 2003
Karma: 0
Junior Member
"Powered by: FUDforum 2.3.7" Very Happy

** my sig **
Re: Forum Security Problem! If "Forum Info" enabled [message #8987 is a reply to message #8946] Wed, 05 March 2003 19:27 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
Cannot verify the problem on 2.3.8 CVS and according to the source code the permission check is there in 2.3.7 and unless the user is an admin he cannot bypass it.

FUDforum Core Developer
Re: Forum Security Problem! If "Forum Info" enabled [message #9007 is a reply to message #8987] Thu, 06 March 2003 15:27 Go to previous messageGo to next message
kaepten is currently offline  kaepten   Switzerland
Messages: 9
Registered: February 2003
Karma: 0
Junior Member
Hi prottoss

Sorry for the panic. I think it was a problem of sessions/cookies (what ever) that i could see also as unregistered user the hidden posts. I have test it on another computer an it works how it should.

I don't understand: whats 2.3.8 CVS do i need it? A update is not possible, i have once again permission problems. Please see my other posting in the Intstallation-Forum.

kaepten


** my sig **

[Updated on: Thu, 06 March 2003 15:32]

Report message to a moderator

Re: Forum Security Problem! If "Forum Info" enabled [message #9115 is a reply to message #9007] Thu, 13 March 2003 15:00 Go to previous message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
You can use 2.3.8 release, no need for CVS.

FUDforum Core Developer
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: No validation in admuser.php
Next Topic: your search engine
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 11:56:28 GMT 2024

Total time taken to generate the page: 0.02834 seconds