[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [Bug #1169] admin authentication and caching prob
From: |
nobody |
Subject: |
[Phpgroupware-tracker] [Bug #1169] admin authentication and caching problems |
Date: |
Tue, 26 Nov 2002 04:16:22 -0500 |
=================== BUG #1169: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1169&group_id=509
Changes by: Dave Hall <address@hidden>
Date: 2002-Nov-26 20:16 (Australia/Melbourne)
What | Removed | Added
---------------------------------------------------------------------------
Severity | 5 - Major | 7
Priority | High | Immediate
=================== BUG #1169: FULL BUG SNAPSHOT ===================
Submitted by: None Project: phpGroupWare
Submitted on: 2002-Sep-10 14:03
Category: API - Setup Bug Group: 0.9.14 release
Severity: 7 Priority: Immediate
Resolution: None Assigned to: seek3r
Status: Open Component Version: None
Platform Version: Other Reproducibility: Every Time
Summary: admin authentication and caching problems
Original Submission: Logging into either admin/config page or header admin
page allows you to authenticate for the other by entering URL directly, without
authenticating with the other admin password.
For instance, login to config/setup admin. Then enter the
/setup/manageheader.php URL. You're in header admin now without a password.
The opposite is also true. Login to header admin, then enter the URL for
config/setup. You are now in the config/setup area with full privs *without*
having entered the config/setup password.
Also, pages are cached. Admin Logout does not really work. You can click
Logout in either admin screen, use back button to go to working admin screen,
REFRESH, and you are reauthenticated for both admin areas (config/setup and
header admin). One reauthenticated you can enter the URL directly for either
admin screen with full capabilities in each.
Follow-up Comments
*******************
-------------------------------------------------------
Date: 2002-Sep-11 10:00 By: skwashd
It appears to me that some of these issues are duplicated in bug 1171, see:
https://savannah.gnu.org/bugs/?func=detailbug&bug_id=1171&group_id=509
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1169&group_id=509
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-tracker] [Bug #1169] admin authentication and caching problems,
nobody <=