Welcome to Geeklog, Anonymous Friday, November 29 2024 @ 12:37 pm EST
Geeklog Forums
Security Issue
tekvaio
Anonymous
I came across a security issue that will allow non admin users, or should I say anybody be able to access the editable pages only by knowing the url. I noticed this with Static pages and have yet to try any other "direct" links. Is there a away to secure this? Is more information necessary, and if so what will you need to know to supply this information.
thanks
TV
thanks
TV
6
5
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Please see Focus on Security on how we handle security issues (also linked from the "Resources" block on the left side, btw).
Thanks.
bye, Dirk
Thanks.
bye, Dirk
5
6
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
For the record: We haven't heard back from this gentleman.
The "edit" URLs are no secret and Geeklog's security model is not "security by obscurity". Unless someone found a novel way to bypass Geeklog's permission checks, I don't see how "anybody" would be able to edit static pages.
bye, Dirk
The "edit" URLs are no secret and Geeklog's security model is not "security by obscurity". Unless someone found a novel way to bypass Geeklog's permission checks, I don't see how "anybody" would be able to edit static pages.
bye, Dirk
8
7
Quote
All times are EST. The time is now 12:37 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content