
Search is too good!

fbridge2
Newbie
Joined: 29 April 2003
Location: United Kingdom
Topic: Search is too good!
Posted: 28 April 2004 at 1:37pm

I have a very secure forum where all forums are Private Groups and each is user enabled on a member-by-member basis. (This is the only way I could overcome the deficiency where members cannot be in Multiple Groups.) However, when a user does a search they are given the SUBJECT list for ALL forums, not just the ones they have access for. Subsequent clicks disallow them from viewing the whole post but still they have discovered areas to which they are not privy. Has anyone fixed this?

Regards
Frank

michael
Senior Member
Joined: 08 April 2002
Location: United States
Posted: 28 April 2004 at 2:10pm
This is by design to speed up searches afair. You could somewhat easily fix that yourself but may encounter performance issues.

thekiwi
Mod Builder Group
Joined: 23 November 2003
Location: New Zealand
Posted: 28 April 2004 at 2:55pm
Originally posted by fbridge2:

I have a very secure forum where all forums are Private Groups and each is user enabled on a member-by-member basis. (This is the only way I could overcome the deficiency where members cannot be in Multiple Groups.) However, when a user does a search they are given the SUBJECT list for ALL forums, not just the ones they have access for. Subsequent clicks disallow them from viewing the whole post but still they have discovered areas to which they are not privy. Has anyone fixed this?

Regards
Frank


Yes ... but only for SQL Server ... and no, it doesn't incur a performance hit.

fbridge2
Newbie
Joined: 29 April 2003
Location: United Kingdom
Posted: 28 April 2004 at 5:36pm

Many thanks. I will have a go and post the results back here (if successful!)

Frank

fbridge2
Newbie
Joined: 29 April 2003
Location: United Kingdom
Posted: 29 April 2004 at 9:30am

Piece of cake!

Collect the forum ids to which the user has access on the search_form and store in a hidden input. Collect from the select named "FM".

<input name="INPARAMS" type="hidden" value="(5,4,7,6)">

This is now passed to search.asp and can be inserted in the SQL statement as

"WHERE Forum_ID IN " & Request.QueryString("INPARAMS")

I suppose this could be considered insecure as the params are sent as POST info but for speed there is little or no overhead as suggested. These could be obfuscated if needs be.

Regards
Frank

Munawar
Newbie
Joined: 29 January 2004
Posted: 11 April 2005 at 9:03pm
Hi fbridge2,
I used your fix and it works. Thanks for the help.

To clean this code up, you could move the "Forum Access" check into search.asp, that way you don't have to use the hidden input. Anyway, it works, and I'm not too picky.

Munawar

dj air
Senior Member
Joined: 05 April 2002
Location: United Kingdom
Posted: 12 April 2005 at 6:03am
Also, using that INPARAMS to hold the forums they can access is a security risk for what you want.

Because searches use the GET command, the forums allowed are shown within the querystring, so a user can change that to allow them viewability to all forums.

As suggested, it's best to do the check on the search page.

aaronm32
Newbie
Joined: 24 October 2005
Posted: 26 October 2005 at 5:11pm
I'll take a slightly slower search over the security risk of allowing users to access parts of the forum they shouldn't be allowed to see any day.  Thanks for the code Frank!
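
The server-side check suggested in the replies above, next to the INPARAMS approach, as an added example that is not part of the original thread or of Web Wiz Forums' code. Python with an in-memory SQLite database stands in for search.asp and SQL Server; the `topic` and `forum_access` tables, their columns and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE topic (topic_id INTEGER PRIMARY KEY, forum_id INTEGER, subject TEXT);
        CREATE TABLE forum_access (member_id INTEGER, forum_id INTEGER);
        INSERT INTO topic VALUES (1, 4, 'Budget plans'), (2, 5, 'Budget meeting'),
                                 (3, 9, 'Budget cuts: board only');
        INSERT INTO forum_access VALUES (101, 4), (101, 5), (202, 9);
    """)
    return db

def search_client_list(db, keyword, inparams):
    """The thread's approach: the forum list comes from the request (INPARAMS)."""
    # Whatever the browser sends becomes part of the SQL text, so the
    # filter is only as trustworthy as the client.
    sql = "SELECT subject FROM topic WHERE subject LIKE ? AND forum_id IN " + inparams
    return [r[0] for r in db.execute(sql + " ORDER BY topic_id", ("%" + keyword + "%",))]

def search_server_check(db, keyword, member_id):
    """The check moved into the search page: access is looked up per query."""
    # member_id must come from the authenticated server-side session,
    # never from a form field or the query string.
    sql = """SELECT t.subject FROM topic t
             JOIN forum_access a ON a.forum_id = t.forum_id
             WHERE a.member_id = ? AND t.subject LIKE ?
             ORDER BY t.topic_id"""
    return [r[0] for r in db.execute(sql, (member_id, "%" + keyword + "%"))]

if __name__ == "__main__":
    db = make_db()
    print(search_client_list(db, "Budget", "(4,5)"))    # form value as rendered
    print(search_client_list(db, "Budget", "(4,5,9)"))  # value edited by the user
    print(search_server_check(db, "Budget", 101))       # nothing for the user to edit
```
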