phpgroupware-users

Re: [Phpgroupware-users] FAQ? and admin authentication bugs


From: Patrick Price
Subject: Re: [Phpgroupware-users] FAQ? and admin authentication bugs
Date: Tue, 10 Sep 2002 10:46:26 -0400
User-agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:0.9.4.1) Gecko/20020406 Netscape6/6.2.2


Patrick Price wrote:
... there is a BIG problem how these two (Header manage and setup/config
admin) authenticate.

I can login to header admin, hit back button, then hit reload, and I get
the setup/config screen! No setup/config password required!

The reverse also works. Login (after closing browser) to setup/config
screen, then enter URL /phpgroupware/setup/manageheader.php. No
password required!

Chris Weiss wrote:

very interesting, but it only works when the two passwords are the same.

Very. Originally I had the two passwords the same. So I changed them to be different for testing/verifying this problem. Same behavior. The passwords are being ignored. The authentication mechanism is broken, period. From two different computers (Sun Blade 100 and Intel Platform), two different operating systems (Solaris 8 and W2K), and two different browsers (Communicator 4.76 and IE 5.5 SP2).

This is obviously broken. This works the same way even if the two admin
passwords are not the same. Why two separate logins for two admin
functions which are both critical and basically do the same things?
Dependencies of setup admin on the header having been generated? Bah.

it's only broken in the sense that you are not familiar with the way web-based
applications work. The two sections do not do the same thing, one sets up the site
so it can access the database and work on your web server, the other installs apps
and sets up the database for the application to work.

What I meant was that they are the same in the respect that header admin generates a text file, and the config/setup screen has an "Edit Current Configuration" button which does the same thing, that is, edits/generates a text file. Why not an "Edit Header File" button on the config/setup screen as STEP 1?

Usability is something that I personally find hard to code, and especially when I'm
more worried about the back end working correctly. I think a lot of developers can
relate to this. I know the phpGW team is always open to suggestions on how to make
it better, but so far you've only stated what you see as problems. Looking forward
to suggestions on how to "fix" it.

I am 1: trying to get useful feedback to confirm a problem (which I am still waiting for BTW), 2: waiting to hear back from the original author on whether they have time to work on it. Just jump in and fix it? That's not teamwork, and if you aren't good at usability design and you aren't good at teamwork (getting someone else to code usability), then you're screwed and your product is not usable or even desired. Lemme ask you this, are you on the phpGW team? Am I even talking to the right person? Nothing personal but I find your attitude in this particular case most disturbing. If I'm wrong about something, tell me exactly why with examples and don't give me generalities like "your browser sucks" and "you don't know how to use software" and "it doesn't do the same thing for me so it must be OK" and ignore all the possibilities.


Patrick Price
Senior UNIX Systems Administrator
West Virginia University
