[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [Bug #1169] admin authentication and caching pro
|
From: |
nobody |
|
Subject: |
[Phpgroupware-tracker] [Bug #1169] admin authentication and caching problems |
|
Date: |
Thu, 20 Mar 2003 00:00:07 -0500 |
=================== BUG #1169: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1169&group_id=509
Changes by: Dave Hall <address@hidden>
Date: Thu 03/20/03 at 16:00 (Australia/Melbourne)
What | Removed | Added
---------------------------------------------------------------------------
Assigned to | seek3r | skwashd
Status | Open | Closed
------------------ Additional Follow-up Comments ----------------------------
I have some people currently testing a fix for this. The caching issue can't
be avoided as this is a web app.
=================== BUG #1169: FULL BUG SNAPSHOT ===================
Submitted by: None Project: phpGroupWare
Submitted on: Tue 09/10/02 at 14:03
Category: API - Setup Bug Group: 0.9.14 release
Severity: 7 Priority: Immediate
Resolution: None Assigned to: skwashd
Status: Closed Component Version: None
Platform Version: Other Reproducibility: Every Time
Summary: admin authentication and caching problems
Original Submission: Logging into either admin/config page or header admin
page allows you to authenticate for the other by entering URL directly, without
authenticating with the other admin password.
For instance, login to config/setup admin. Then enter the
/setup/manageheader.php URL. You're in header admin now without a password.
The opposite is also true. Login to header admin, then enter the URL for
config/setup. You are now in the config/setup area with full privs *without*
having entered the config/setup password.
Also, pages are cached. Admin Logout does not really work. You can click
Logout in either admin screen, use back button to go to working admin screen,
REFRESH, and you are reauthenticated for both admin areas (config/setup and
header admin). One reauthenticated you can enter the URL directly for either
admin screen with full capabilities in each.
Follow-up Comments
*******************
-------------------------------------------------------
Date: Thu 03/20/03 at 16:00 By: skwashd
I have some people currently testing a fix for this. The caching issue can't
be avoided as this is a web app.
-------------------------------------------------------
Date: Wed 09/11/02 at 10:00 By: skwashd
It appears to me that some of these issues are duplicated in bug 1171, see:
https://savannah.gnu.org/bugs/?func=detailbug&bug_id=1171&group_id=509
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1169&group_id=509
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-tracker] [Bug #1169] admin authentication and caching problems,
nobody <=