Tweet
Most of my question is right there in the title.
My problem is that, when I add a new private forum, my existing registered users cannot 'see' the new private forum that I've just created. BUT it turns out that they can simply edit the forumid part of the URL to gain full access to it. Not good.
The 'solution' I have right now to this potential security risk to my private forums is that I have to explicitly visit the permissions for each and every registered user and set the flag to 'No' for the new forum, as opposed to 'Default'. Access masks are turned on, because I need to be able to indicate which individual users have access to which private forums.
So the 'correct' solution is either that individual permissions for access to a new private forum need to default to 'No' on creation of the new forum, OR the 'default' setting needs to be set 'No' (if that makes sense). Either way, I don't know how to achieve this result.
Can anyone advise?
My problem is that, when I add a new private forum, my existing registered users cannot 'see' the new private forum that I've just created. BUT it turns out that they can simply edit the forumid part of the URL to gain full access to it. Not good.
The 'solution' I have right now to this potential security risk to my private forums is that I have to explicitly visit the permissions for each and every registered user and set the flag to 'No' for the new forum, as opposed to 'Default'. Access masks are turned on, because I need to be able to indicate which individual users have access to which private forums.
So the 'correct' solution is either that individual permissions for access to a new private forum need to default to 'No' on creation of the new forum, OR the 'default' setting needs to be set 'No' (if that makes sense). Either way, I don't know how to achieve this result.
Can anyone advise?
Comment