Web Wiz Support and Community Forums : Search is too good! https://forums.webwiz.net/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Thu, 16 Apr 2026 02:31:55 +0000 Wed, 26 Oct 2005 17:11:09 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.08 360 https://forums.webwiz.net/RSS_post_feed.asp?TID=10202 <![CDATA[Web Wiz Support and Community Forums]]> https://forums.webwiz.net/forum_images/web_wiz_forums.png https://forums.webwiz.net/ <![CDATA[Search is too good! : I&#039;ll take a slightly slower...]]> https://forums.webwiz.net/search-is-too-good_topic10202_post92790.html#92790 Author: aaronm32
Subject: 10202
Posted: 26 October 2005 at 5:11pm

I'll take a slightly slower search over the security risk of allowing users to access parts of the forum they shouldn't be allowed to see any day.  Thanks for the code Frank!]]> Wed, 26 Oct 2005 17:11:09 +0000 https://forums.webwiz.net/search-is-too-good_topic10202_post92790.html#92790 <![CDATA[Search is too good! : also using that INPARAMS to fold...]]> https://forums.webwiz.net/search-is-too-good_topic10202_post80999.html#80999 Author: dj air
Subject: 10202
Posted: 12 April 2005 at 6:03am

also using that INPARAMS to fold the forums they can access is a security risk for what you want.

because searchs use the get command the forums allows are shown withinthe querystring, so a user can change that to allow them viewablilityto all forums.

as suggested its best to do the check on the search page
]]> Tue, 12 Apr 2005 06:03:35 +0000 https://forums.webwiz.net/search-is-too-good_topic10202_post80999.html#80999 <![CDATA[Search is too good! : Hi fbridge2, I used your fix...]]> https://forums.webwiz.net/search-is-too-good_topic10202_post80976.html#80976 Author: Munawar
Subject: 10202
Posted: 11 April 2005 at 9:03pm

Hi fbridge2,
  I used your fix and it works.  Thanks for the help.
 
  To clean this code up, you could move the "Forum Access" check into search.asp, that way you dont have to use the hidden input.  Anyway, it works, and I'm not too picky Wink.

Munawar
]]> Mon, 11 Apr 2005 21:03:39 +0000 https://forums.webwiz.net/search-is-too-good_topic10202_post80976.html#80976 <![CDATA[Search is too good! : Piece of cake! Collect the forum...]]> https://forums.webwiz.net/search-is-too-good_topic10202_post55585.html#55585 Author: fbridge2
Subject: 10202
Posted: 29 April 2004 at 9:30am

Piece of cake!

Collect the forum ids to which the user has access on the search_form and store in an hidden input. Collect from the select named "FM"

<input name="INPARAMS" type="hidden" value="(5,4,7,6)">

this is now passed to search.asp and can be inserted in the SQL statement as

"WHERE Forum_ID IN " & Request.QueryString("INPARAMS")

I suppose this could be considered insecure as the params are sent as POST info but for speed there is little or no overhead as suggested. These could be obfuscated if needs be.

Regards
Frank

]]> Thu, 29 Apr 2004 09:30:39 +0000 https://forums.webwiz.net/search-is-too-good_topic10202_post55585.html#55585 <![CDATA[Search is too good! : Many thanks. I will have a go...]]> https://forums.webwiz.net/search-is-too-good_topic10202_post55536.html#55536 Author: fbridge2
Subject: 10202
Posted: 28 April 2004 at 5:36pm

Many thanks. I will have a go and post the results back here (if successful!)

Frank

]]> Wed, 28 Apr 2004 17:36:42 +0000 https://forums.webwiz.net/search-is-too-good_topic10202_post55536.html#55536 <![CDATA[Search is too good! : fbridge2 wrote:I have a very...]]> https://forums.webwiz.net/search-is-too-good_topic10202_post55517.html#55517 Author: thekiwi
Subject: 10202
Posted: 28 April 2004 at 2:55pm

Originally posted by fbridge2 fbridge2 wrote:

I have a very secure forum where all forums arePrivate Groups and each is user enabled on a member by memberbasis. (This is the only way I could overcome the deficiency wheremembers cannot be in Multiple Groups ). However, when a user does asearch they are given the SUBJECT list for ALL forums not just the onesthey have access for. Subsequent clicks disallow them from viewing thewhole post but still they have discovered areas to which they are notprivy. Has anyone fixed this?

Regards
Frank


Yes ... but only for SQL Server ... and no it doesn't incur a performace hit.
]]> Wed, 28 Apr 2004 14:55:29 +0000 https://forums.webwiz.net/search-is-too-good_topic10202_post55517.html#55517 <![CDATA[Search is too good! : This is by design to speed up...]]> https://forums.webwiz.net/search-is-too-good_topic10202_post55506.html#55506 Author: michael
Subject: 10202
Posted: 28 April 2004 at 2:10pm

This is by design to speed up searches afair. You could somewhat easily fix that yourself but may encounter performance issue.]]> Wed, 28 Apr 2004 14:10:00 +0000 https://forums.webwiz.net/search-is-too-good_topic10202_post55506.html#55506 <![CDATA[Search is too good! : I have a very secure forum where...]]> https://forums.webwiz.net/search-is-too-good_topic10202_post55501.html#55501 Author: fbridge2
Subject: 10202
Posted: 28 April 2004 at 1:37pm

I have a very secure forum where all forums are Private Groups and each is user enabled on a member by member basis. (This is the only way I could overcome the deficiency where members cannot be in Multiple Groups ). However, when a user does a search they are given the SUBJECT list for ALL forums not just the ones they have access for. Subsequent clicks disallow them from viewing the whole post but still they have discovered areas to which they are not privy. Has anyone fixed this?

Regards
Frank

]]> Wed, 28 Apr 2004 13:37:06 +0000 https://forums.webwiz.net/search-is-too-good_topic10202_post55501.html#55501