Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - Security Hole, Bad DB?
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Security Hole, Bad DB?
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
Mikeap View Drop Down
Newbie
Newbie


Joined: 12 March 2003
Location: United States
Status: Offline
Points: 37 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Mikeap Quote  Post ReplyReply Direct Link To This Post Topic: Security Hole, Bad DB?
    Posted: 12 March 2003 at 1:12pm

On Sunday night I used the translator to upgrade my old634.mdb to the new 7 version.

My forum is now locked because if a user, in the lowest group, logs into the site, he can click on anyones profile, then he sees the EDIT PROFILE button and can then edit that persons profile.

I've duplicated the problem over and over again.  No matter what my user access group is I can do it.  Obviously Admin's and Moderator's should be able to but EVERYONE can do it.  Potentially the problem is not that great for me because it's just a profile, BUT, the person can then change their own access level like if they were admins, giving themself access to our private forums.

Is this 7 problem or database problem?
Back to Top
Mikeap View Drop Down
Newbie
Newbie


Joined: 12 March 2003
Location: United States
Status: Offline
Points: 37 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Mikeap Quote  Post ReplyReply Direct Link To This Post Posted: 12 March 2003 at 1:13pm
Also, I just registered for this forum mere seconds ago, it said that I would get the e-mail in 15 minutes validating/registering my account ... yet I posted this seconds after?
Back to Top
michael View Drop Down
Senior Member
Senior Member
Avatar

Joined: 08 April 2002
Location: United States
Status: Offline
Points: 4670 		Post Options Post Options   Thanks (0) Thanks(0)   Quote michael Quote  Post ReplyReply Direct Link To This Post Posted: 12 March 2003 at 1:57pm
I am not sure what upgrade tool you used for your database but I did not encounter that problem with str8dogs which I used. Remember, it is still all beta so a security issue should have no impact at this time as we are just testing...
Back to Top
Mikeap View Drop Down
Newbie
Newbie


Joined: 12 March 2003
Location: United States
Status: Offline
Points: 37 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Mikeap Quote  Post ReplyReply Direct Link To This Post Posted: 12 March 2003 at 2:00pm

I used the tool that was on this site.

I think what happened was the usersnames become corrupt and everyone was a Moderator but were showing as just basic members.  What I ended up doing was deleting all permissions, forums and users and recreated them all.

It seems to be fine now but maybe you could implement something that would allow you to globally set user permissions.

As well, on the forum permissions, the generic permissions often do not show what you really want as generic, even if you put settings on every group.
Back to Top
Mikeap View Drop Down
Newbie
Newbie


Joined: 12 March 2003
Location: United States
Status: Offline
Points: 37 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Mikeap Quote  Post ReplyReply Direct Link To This Post Posted: 12 March 2003 at 2:02pm

Through all of this, this is the greatest and most feature rich forum out there.  Whether it be in PHP, ASP, whatever, this forum is great.  I would pay for the non-boxed version if I had too.  I looked into all the ASP boards out there and I even installed a couple for testing but non compared to this one.  The admin (control panel) is the most easiest to use, great tool.

Thank you guys for your tremendous work and time that you have put into this amazing tool.
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 12 March 2003 at 5:57pm
Upgrading is always tricky and as upgarde tools are written by thrid parties there will always be such problems, a fresh install should be fine and as the v7 is only in beta I haven't even looked at or tested any upgarde tools myself, so upgrading will be hit and miss.
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
Nigelo View Drop Down
Groupie
Groupie


Joined: 11 October 2002
Location: United Kingdom
Status: Offline
Points: 67 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Nigelo Quote  Post ReplyReply Direct Link To This Post Posted: 13 March 2003 at 8:16am

If the Database "Migrator" (downloadable from WWF) had been used, Users with Moderator status on 6.34 would also have same status on v7 - no more, no less. There is no way that all Users would have been set to Moderator unless either old or new DB was already corrupt, in which case anything could have happened.

If in doubt, run a Compact / Repair on both old and new DBs before running the Migrator App.

Hope this helps
Nigel 
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.