Bug: Two Logons Required for Admin

Post Reply

Page 12 3 >

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
djlurchg Members Profile Find Members Posts Groupie Joined: 31 March 2006 Status: Offline Points: 40	Post Options Post Reply Quote djlurchg Report Post Thanks(0) Quote Reply Topic: Bug: Two Logons Required for Admin Posted: 12 April 2006 at 5:20pm
	When I log on as administrator, I have to log on twice to access the control panel. The second time I have to enter that darn CAPTCHA code, which is turned off.

WebWiz-Bruce Members Profile Find Members Posts Admin Group Web Wiz Developer Joined: 03 September 2001 Location: Bournemouth Status: Offline Points: 9844	Post Options Post Reply Quote WebWiz-Bruce Report Post Thanks(0) Quote Reply Posted: 12 April 2006 at 6:18pm
	This is not a bug it is done by design. The Admin Control Panel needs super strength security because if a hacker gets into that section they can destroy your whole forum. To protect against this the admin area uses a different much more secure login system that doesn't allow auto login and uses a proprietary session system that is much more secure than ASP own built in session system. This does mean that admin must re-login to enter the Admin Control Panel, but this shouldn't be to much of an issue as you shouldn't need to enter the admin area to much once your forum is setup.

WebWiz-Bruce Members Profile Find Members Posts Admin Group Web Wiz Developer Joined: 03 September 2001 Location: Bournemouth Status: Offline Points: 9844	Post Options Post Reply Quote WebWiz-Bruce Report Post Thanks(0) Quote Reply Posted: 12 April 2006 at 6:19pm
	Also, if you don't want to login twice, you can login directly to the admin area by going to the file 'admin.asp', saves typing in the admin login details twice.

djlurchg Members Profile Find Members Posts Groupie Joined: 31 March 2006 Status: Offline Points: 40	Post Options Post Reply Quote djlurchg Report Post Thanks(0) Quote Reply Posted: 12 April 2006 at 7:37pm
	borg: After working through things (in the forum and in my head), I now understand the workflow. That doesn't mean I like it. I just wish I didn't have to log in twice.

WebWiz-Bruce Members Profile Find Members Posts Admin Group Web Wiz Developer Joined: 03 September 2001 Location: Bournemouth Status: Offline Points: 9844	Post Options Post Reply Quote WebWiz-Bruce Report Post Thanks(0) Quote Reply Posted: 13 April 2006 at 10:12am
	This method was bought in after tracking the habbits of a few prolific hackers that targeted Web Wiz Forums. Since the double login system in version 7.97 we seem to be ahead now of these hackers who have given up trying to access the admin section. Version 8 has gone even further than version 7.97 with even more security on the admin control panel with an even secure login method. I know this is a pain, but as the admin area isn't something that will be entered often it is a necessary evil. I imagine most users would rather have to log into the admin area thus doing a double login than find there forum or entire site (in a few cases) completely defaced and all forum data lost. Edited by -boRg- - 13 April 2006 at 10:13am

djlurchg Members Profile Find Members Posts Groupie Joined: 31 March 2006 Status: Offline Points: 40	Post Options Post Reply Quote djlurchg Report Post Thanks(0) Quote Reply Posted: 13 April 2006 at 5:41pm
	But the site CAN be defaced without the double login. I only need to use the quick login to edit and delete posts. If you're so concerned about security, then why not require a double login for all admin activities...or move the admin logon to an obscure, renamable page.

WebWiz-Bruce Members Profile Find Members Posts Admin Group Web Wiz Developer Joined: 03 September 2001 Location: Bournemouth Status: Offline Points: 9844	Post Options Post Reply Quote WebWiz-Bruce Report Post Thanks(0) Quote Reply Posted: 13 April 2006 at 5:57pm
	The main damage can be done through the admin control panel, this is why the need for more security there. The forum use to have a system in previous versions whereby the admin area was meant to be renamed or deleted after the initial setup, but no-one ever did, so that security measure was totally useless. I have explained the reason for the admin having to login into the admin control panel even if they are logged into the main forum, so please let this be be end to it. If you are seriously that against it, then there are plenty of of forum systems out there that don't bother with security, and maybe one of those would suite you better.

djlurchg Members Profile Find Members Posts Groupie Joined: 31 March 2006 Status: Offline Points: 40	Post Options Post Reply Quote djlurchg Report Post Thanks(0) Quote Reply Posted: 13 April 2006 at 6:09pm
	borg, The reason I chose WWF years ago was because it was A) Written in ASP, which I knew quite well B) Priced competetively C) Easy to hook in to so I could integrate with other applications D) A mature, stable product, with the right feature set. Reason C is now gone, which is disappointing. I can understand your frustration, I have to deal with the same thing. I've had to put up with several telephone calls and emails form forum members this week because they can't understand that they now need to log in twice to the site instead of just once like before. I've now spent 4 of the last 5 days on this project. Do you feel like I've been out of line or unprofessional in any way?

Post Reply	Page 12 3 >

Forum Jump

Forum Permissions View Drop Down

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum