Seitan
Registered user
Registered: 06-2003
Location: Lithuania
Posts: 4
Karma: 0 (+0/-0)
|
Reply | Quote
|
|
[FIXED] Security bug (forum posts security)
There's a security leak in the forums:
users can view topics of restricted rooms! - if you just viewed information of the user, which is alowed to post in those forums, his posts (even restricted ones) are visible i his profile!
Last edited by Pastor Rick, 8/31/2011, 2:43 pm
--- __________________________<br>
Best wishes....<br>
Seitan end Yvl<br>
Owner of:<br>
<a href="http://legacysystems.org" title="Legacy Systems(c)">Legacy Systems (c)</a><br>
[Solutions for your Windows system]
|
7/5/2003, 9:38 am
|
Link to post
Email Seitan
PM Seitan
|
RainbowWarriorDan
Regular poster
Registered: 05-2003
Location: Manchester, UK
Posts: 201
Karma: 0 (+0/-0)
|
Reply | Quote
|
|
Re: Security bug
Can the user see what the post contains or just the title of the topic in the members last post list?
---
|
7/5/2003, 4:43 pm
|
Link to post
Email RainbowWarriorDan
PM RainbowWarriorDan
|
Jag
A Posting Machine
Runboard user emeritus
Registered: 03-2003
Location: Blueshout
Posts: 2128
Karma: 42 (+72/-30)
|
Reply | Quote
|
|
Re: Security bug
quote: Seitan wrote:
There's a security leak in the forums:
users can view topics of restricted rooms! - if you just viewed information of the user, which is alowed to post in those forums, his posts (even restricted ones) are visible i his profile!
Do you mean like Thor's post in the mod office? If so you can see the topic title but you can click on it to see that post, you can only see it if you have the access to see it.
|
7/5/2003, 5:04 pm
|
Link to post
Email Jag
PM Jag
AIM
MSN
Blog
|
Seitan
Registered user
Registered: 06-2003
Location: Lithuania
Posts: 4
Karma: 0 (+0/-0)
|
Reply | Quote
|
|
Re: Security bug
Yep, you can't see the message body, but you can see the topic itself, and it is not a good thing. - restricted rooms means than noone wihout permission can read nay information there...
--- __________________________<br>
Best wishes....<br>
Seitan end Yvl<br>
Owner of:<br>
<a href="http://legacysystems.org" title="Legacy Systems(c)">Legacy Systems (c)</a><br>
[Solutions for your Windows system]
|
7/6/2003, 9:22 am
|
Link to post
Email Seitan
PM Seitan
|
Rimmer
Registered: 04-2003
Location: Straylia
Posts: 9750
Karma: 471 (+519/-48)
|
Reply | Quote
|
|
Re: Security bug
It's not a bug - they just need to switch off the 'view last posts' option.
|
7/6/2003, 9:31 am
|
Link to post
Blog
|
RainbowWarriorDan
Regular poster
Registered: 05-2003
Location: Manchester, UK
Posts: 201
Karma: 0 (+0/-0)
|
Reply | Quote
|
|
Re: Security bug
Its not the best thing in the world but seeing the topic title is not a serius problem, the title usualy contains little or no information anyway.
---
|
7/6/2003, 5:39 pm
|
Link to post
Email RainbowWarriorDan
PM RainbowWarriorDan
|
Seitan
Registered user
Registered: 06-2003
Location: Lithuania
Posts: 4
Karma: 0 (+0/-0)
|
Reply | Quote
|
|
Re: Security bug
quote: Rimmer wrote:
It's not a bug - they just need to switch off the 'view last posts' option.
Is this option available for the mods, or you need to change forum code itself?
--- __________________________<br>
Best wishes....<br>
Seitan end Yvl<br>
Owner of:<br>
<a href="http://legacysystems.org" title="Legacy Systems (c) solutions">Legacy Systems (c)</a><br>
[Solutions for your Windows system]
|
7/7/2003, 10:07 am
|
Link to post
Email Seitan
PM Seitan
|
spouzic
A Posting Machine
Runboard user emeritus
Registered: 04-2003
Location: Hell
Posts: 2803
Karma: 1 (+104/-103)
|
Reply | Quote
|
|
Re: Security bug
not allowing others to view your latest posts is an individual user option available to everyone.
control panel> misc. settings. > the last thing listed should be UNchecked to make last few posts private.
-Christina
|
7/7/2003, 10:11 am
|
Link to post
Email spouzic
PM spouzic
AIM
MSN
Yahoo
Blog
|
Seitan
Registered user
Registered: 06-2003
Location: Lithuania
Posts: 4
Karma: 0 (+0/-0)
|
Reply | Quote
|
|
Re: Security bug
But this will make all latest post invisible!
that's not good... - only the restricted ones must be invisible...
--- __________________________<br>
Best wishes....<br>
Seitan end Yvl<br>
Owner of:<br>
<a href="http://legacysystems.org" title="Legacy Systems (c) solutions">Legacy Systems (c)</a><br>
[Solutions for your Windows system]
|
7/7/2003, 11:06 am
|
Link to post
Email Seitan
PM Seitan
|
Iansgirl
Registered: 03-2003
Location: Mi Vida Loca
Posts: 1794
Karma: 26 (+41/-15)
|
Reply | Quote
|
|
Re: Security bug
It is just the title not a big deal.
|
7/7/2003, 4:19 pm
|
Link to post
PM Iansgirl
AIM
MSN
Yahoo
Blog
|