Minor security hole and a question..
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=6456
Printed Date: 03 April 2026 at 4:33pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: Minor security hole and a question..
Posted By: fernan82
Subject: Minor security hole and a question..
Date Posted: 15 October 2003 at 8:58pm
|
You might now about this but if you post an announcement for all forums on a locked forum everyone can post a reply to it from the other forums..... I know I can just lock the topic but it happened that a while ago I found some replies to a locked forum on my site and for a few seconds I was like htf they do that.... The question is, what is the "Private Groups" option on the drop-down for the forum permissions if they're not used at all..? It's the same thing if you set the feature to off as the member and group permissions will override it anyways. I just changed my to not overide it when the feature is off on the forum permissions. IMHO it shouldn't be like that... ------------- FeRnAN http://www.danasoft.com/"> 
|
Replies:
Posted By: WebWiz-Bruce
Date Posted: 16 October 2003 at 2:56am
|
This is how it is designed, an annocement to all forums isn't actually
part of a pertcular forum, it is posted to all forums as a global post
so it takes on board any permissions for the forum the user is in. You
will have to lock the topic if you don't wish people to post in an
annocement on a forum that is open. Private Groups is just that, you can set Groups to be able to use that fetaure in that forum. If Group Permissions didn't overide this then you wouldn't be able to setup Groups (or Private Groups) to be able to use that fetaure in that forum. Forum permissions can be overidden. Down the bottom you have Generic Forum permissions, these then are overridden by Group Permmissions, which themselfs are overridden at the top by member permssions. If no Group or Member permssions are set for a group or member on a forum they then take on the Genric forum permissions in that forum. So if you set for exam-ple read access to 'Private Groups' only those groups that you then set in Group Permisisons to have read access in that forum can enter that forum. So all the permssions can be used. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: fernan82
Date Posted: 16 October 2003 at 2:39pm
|
That might sense about the announcement, I just had a closed forum and when I made on post an announcement for all forums came back and found a bunch of replies, so I thought I'd mention it... About the permissions I undertand what you're saying but I'll explain why I don't think that's the best way to do it. The 'Private Groups' has a '3' value. When you look on the permissions function it's not used at all, so basically Private Groups = Off, the only difference is that if it's set to off the admin can't use the function unless it's overided by member or group permissions, right.? Well that makes some sense but look at this situation, let's suppose you got a forum where you allow 1000 members to upload files and you use member permissions for that, then for any reason you don't want to allow anymore uploads on that forum. The way the forum is designed right now you would have to edit the permissions for the 1000 members one by one or run a query on the db to remove all the permissions which a lot of people can't do. Now if you set it so that Off can't be overrided by other permissions like I did on my forum then all you have to do is go to that forum permissions and turn it off. That would make things a lot easier for many people and won't take any functionality from the forum. Does that makes sense or is it just me..?
------------- FeRnAN http://www.danasoft.com/">
|
Posted By: WebWiz-Bruce
Date Posted: 17 October 2003 at 2:40am
|
The idea is that generic permisisons are overidden in the hierarchy in the following order:- Genric Forum permissions Group Permissions Member Permssions By setting it that some Generic Permssions overide other permissions would just make things confusing. But if you like it like that and you modified it to do that then fair enough. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: Magic
Date Posted: 17 October 2003 at 1:32pm
|
AD Intergration ? Go on....you know you want too ------------- - Don't ask me how it works, just be greatful it works! - Now what does this BIG RED button do? 
|
