Web Wiz Support and Community Forums : Security Issue

Web Wiz Support and Community Forums : Security Issue https://forums.webwiz.net/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Fri, 03 Apr 2026 23:40:15 +0000 Mon, 03 Nov 2003 05:06:20 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.08 360 https://forums.webwiz.net/RSS_post_feed.asp?TID=6934 <![CDATA[Web Wiz Support and Community Forums]]> https://forums.webwiz.net/forum_images/web_wiz_forums.png https://forums.webwiz.net/ <![CDATA[Security Issue : I've looked at all teh queries...]]> https://forums.webwiz.net/security-issue_topic6934_post34430.html#34430 Author: WebWiz-Bruce
Subject: 6934
Posted: 03 November 2003 at 5:06am

I've looked at all teh queries in the search.asp page but they are socomplex I can't find a way to also look at the permisisons for the userwithout a search taking 10 minutes.]]> Mon, 03 Nov 2003 05:06:20 +0000 https://forums.webwiz.net/security-issue_topic6934_post34430.html#34430 <![CDATA[Security Issue : Thats great news Borg...I didn't...]]> https://forums.webwiz.net/security-issue_topic6934_post34422.html#34422 Author: Nick-V
Subject: 6934
Posted: 03 November 2003 at 4:35am

Thats great news Borg...I didn't find the discussion despite some searching but I'm sure I'll find the new SQL Stored Procedure.

Borg, does the new version also fix the search issue or shall I continue to look into what it does and how to get around it?

PS. I think I found pre-release stored procedure (Active Topics not Search) but I'm waiting for new version as it need to be called with 4 bits of data in the linkage. For those interested its at http://forums.webwiz.net/forum_posts.asp?TID=6268&a mp;KW=active+topics+procedure

Edited by Nick-V]]> Mon, 03 Nov 2003 04:35:22 +0000 https://forums.webwiz.net/security-issue_topic6934_post34422.html#34422 <![CDATA[Security Issue : The next version that I will release...]]> https://forums.webwiz.net/security-issue_topic6934_post34420.html#34420 Author: WebWiz-Bruce
Subject: 6934
Posted: 03 November 2003 at 4:30am

The next version that I will release today won't show topic titles for forums the user can't view on the active users page.

This was discussed in quite some length a few weeks ago and many thingstried out which resulted in a new stored procedure for SQL server and anew query for Access that I did post somewhere on this forum.
]]> Mon, 03 Nov 2003 04:30:59 +0000 https://forums.webwiz.net/security-issue_topic6934_post34420.html#34420 <![CDATA[Security Issue : I am no technical authority but...]]> https://forums.webwiz.net/security-issue_topic6934_post34418.html#34418 Author: Nick-V
Subject: 6934
Posted: 03 November 2003 at 4:28am

I am no technical authority but carried out some user testing and wish to share my results to encourage solutions.

The Active Topics Issue

First, The Search Issue is different and will be looked into separately.

It appears that forums can be included or excluded in the Active Topics list based on the following criteria:

If the Generic Forum Permission named Forum Access is set to All Users the forum topics will be included in the Active Topics list. Under all other circumstances the topics will not display.

Group Permissions are not considered in the display of topic names but do control access to the postings as one would expect. The issue, therefore, is controlling the display of the topic name. To help you:

if you have attempted to secure your forums using generic permissions, active topics will not work for NO-ONE.
If you wish EVERYONE (including guests) to see all of your topic names set the Generic Forum Permission to All Users and use Group Permissions to control access to the forum's content. Thus, topic names can be seen but threads cannot be read.
If you wish to prevent EVERYONE (including users with forum access) from seeing the topic names in specific forums, set the Generic Forum Permission for the specific forums to Private Groups and set up Group Permissions to control access to the forum's content.

If you wish to have increasing levels of users like Guests, Customers, Staff and Managers and use Active Topics you'll have to set up separate forums!!! The only three options are hidden for all, hidden for no-one, hidden for private forums.

As mentioned previously, the deficiency is that it is not possible to secure topic names without losing use of the Active Topics facility (even for those permitted to see the threads themselves).

I'd appreciate any ideas or feedback on this.

Edited by Nick-V]]> Mon, 03 Nov 2003 04:28:10 +0000 https://forums.webwiz.net/security-issue_topic6934_post34418.html#34418 <![CDATA[Security Issue : I also searched and could only...]]> https://forums.webwiz.net/security-issue_topic6934_post34414.html#34414 Author: Nick-V
Subject: 6934
Posted: 03 November 2003 at 3:05am

I also searched and could only find http://forums.webwiz.net/forum_posts.asp?TID=1058&a mp;KW=search+topics+hidden.

The thread provides a line of code not instructions where to enter it. I suspect it just changes the topic name displayed to "Special Topic" if the topic found is from forum 1 or whatever you determine to be the sensitive forums.

As he states, its a fast cover-up but not a solution.

]]> Mon, 03 Nov 2003 03:05:19 +0000 https://forums.webwiz.net/security-issue_topic6934_post34414.html#34414 <![CDATA[Security Issue : can somone give link ? i searched...]]> https://forums.webwiz.net/security-issue_topic6934_post34401.html#34401 Author: zadax
Subject: 6934
Posted: 03 November 2003 at 1:24am

can somone give link ?

i searched and searched and didnt find it

]]> Mon, 03 Nov 2003 01:24:29 +0000 https://forums.webwiz.net/security-issue_topic6934_post34401.html#34401 <![CDATA[Security Issue : i think someone made a mod for...]]> https://forums.webwiz.net/security-issue_topic6934_post34383.html#34383 Author: dead_angel
Subject: 6934
Posted: 02 November 2003 at 7:28pm

i think someone made a mod for this, but not sure who or when or where it was posted, search back in the mod foums or on mad dogs site. i'm pretty sure it's been covered somewhere.]]> Sun, 02 Nov 2003 19:28:21 +0000 https://forums.webwiz.net/security-issue_topic6934_post34383.html#34383 <![CDATA[Security Issue : Is it true that ALL topics headings,...]]> https://forums.webwiz.net/security-issue_topic6934_post34374.html#34374 Author: Nick-V
Subject: 6934
Posted: 02 November 2003 at 5:16pm

Is it true that ALL topics headings, even those in private and hidden (secure?) forums can be seen by ALL users when they use SEARCH and ACTIVE TOPICS?

WWF contains some good security features but this sounds like a recent and significant flaw. I believe that securing topic names is just as important as securing the message itself. Just imagine !!!

Has anyone got a work-around or an add-on for this. I'd rather live with some slower performance or more basic security that allow all topic headings to be seen publicly.

Did I misunderstand this issue or what?

]]> Sun, 02 Nov 2003 17:16:31 +0000 https://forums.webwiz.net/security-issue_topic6934_post34374.html#34374