Information leak

Post Reply

Page 12 3 >

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
ilnar Members Profile Find Members Posts Newbie Joined: 02 October 2003 Status: Offline Points: 9	Post Options Post Reply Quote ilnar Report Post Thanks(0) Quote Reply Topic: Information leak Posted: 02 October 2003 at 5:09am
	sorry for my english. Finded in webwiz forum v 7.01 If i hide forum for no permission users, forum is hided. But i can get hided forums list in active_topics.asp - select active topics since month - i view list of hided forums and topics in these forums. Why? I think, what is Information leak in forum.

WebWiz-Bruce Members Profile Find Members Posts Admin Group Web Wiz Developer Joined: 03 September 2001 Location: Bournemouth Status: Offline Points: 9844	Post Options Post Reply Quote WebWiz-Bruce Report Post Thanks(0) Quote Reply Posted: 02 October 2003 at 5:56am
	This is not a bug but done by design to improve performance. This has also bee bought up many times before if you do a search of the forum.
	Web Wiz Forums Hosting ASP.NET Web Hosting

b_bonnett Members Profile Find Members Posts Mod Builder Group Joined: 16 April 2003 Location: New Zealand Status: Offline Points: 275	Post Options Post Reply Quote b_bonnett Report Post Thanks(0) Quote Reply Posted: 03 October 2003 at 2:07am
	I think there is also a mod for this in the Mod's Forum... Blair
	Webmaster, The Plane Gallery Greetings From Christchurch

fernan82 Members Profile Find Members Posts Mod Builder Group Joined: 17 November 2002 Location: United States Status: Offline Points: 362	Post Options Post Reply Quote fernan82 Report Post Thanks(0) Quote Reply Posted: 03 October 2003 at 2:13am
	Also in the last topic about this ljamal posted a query you can use that I think it should not cause a performance hit as if you would call the permissions function for every topic.... I've haven't yet seen the mod tho and I don't know how it works but I think ljamal's idea is the best way to fix this...
	FeRnAN

ilnar Members Profile Find Members Posts Newbie Joined: 02 October 2003 Status: Offline Points: 9	Post Options Post Reply Quote ilnar Report Post Thanks(0) Quote Reply Posted: 03 October 2003 at 2:23am
	i disagree with design to improve performance. Reasons: 1. if i hide several forum for user -> set of unhidded forums became less when before -> it is more comfortable for SELECT operation to database. 2. don't safe performance to reach the security

WebWiz-Bruce Members Profile Find Members Posts Admin Group Web Wiz Developer Joined: 03 September 2001 Location: Bournemouth Status: Offline Points: 9844	Post Options Post Reply Quote WebWiz-Bruce Report Post Thanks(0) Quote Reply Posted: 03 October 2003 at 2:33am
	At the present time it will be left as it is becuase the query to get it to run sucessfully was so long and had so many subquries it ment that if you had over around 50 posts in your forum the page took almost a minute to load. The query in the post that fernan82 mentions that doesn't decrease performance only works if you have values entered into the permissions table for that forum otherwise the query completly fails to return any results, it also over looks the generic forum permisions and also over looks any permisions on that forum for that perticular user and so doesn't work very well. Incase you still want to try this query it's in a post at:- http://forums.webwiz.net/forum_posts.asp?TID=2165 But beaware that you need to enter group permisions for each forum and it will over look generic and user permisions. Edited by -boRg-
	Web Wiz Forums Hosting ASP.NET Web Hosting

ljamal Members Profile Find Members Posts Mod Builder Group Joined: 16 April 2003 Status: Offline Points: 888	Post Options Post Reply Quote ljamal Report Post Thanks(0) Quote Reply Posted: 03 October 2003 at 11:16am
	The query I built (see http://forums.webwiz.net/forum_posts.asp?TID=5751) using a stored procedure can return 50 rows and render the page in 1 second or less and could be ported to a simple Access query. It checks generic permissions on the forum as well as user and group specific permissions. I believe -borg- confused my post with Zamal's. If any one is interested in having a mod created for this, I will consider doing it, but I'm currently in the midst of 4 different projects all due by mid November so it may take some time.
	L. Jamal Walton L. Jamal Inc : Web/ Print Design and ASP Programming

WebWiz-Bruce Members Profile Find Members Posts Admin Group Web Wiz Developer Joined: 03 September 2001 Location: Bournemouth Status: Offline Points: 9844	Post Options Post Reply Quote WebWiz-Bruce Report Post Thanks(0) Quote Reply Posted: 03 October 2003 at 11:38am
	I shall have a look at the stored procedure that you mention.
	Web Wiz Forums Hosting ASP.NET Web Hosting

Post Reply	Page 12 3 >

Forum Jump

Forum Permissions View Drop Down

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum