Announcement

Collapse
No announcement yet.

Permission fighting

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Permission fighting

    Excuse, but I can't manage to understand the VB permission scheme ...
    Better, I can't understand wich access/deny permission wins against each other.
    My job is about security matters and each software product I evaulated follows almost the same schema: most particular and 'granular' permission overrides the most generic ones.
    (all but WinNT security schema, in which each denial of resource overrides the access to the same resource, even more specific...)

    Well. Simply I would deny a writing access to a forum to a particular usergroup, so I defined the the specific forum permission with custom settings, but even EACH member of that group can write into that forum, as specified in the category, I guess...

    Besides, isn't there any way to check all the specific permissions but trying logging with a 'dummy' user and changing - time to time - his profile to test the security authorizations ? Isn't there any 'simulator' to check those auth behaviors ?

    Thank you very much.
    Hope this is clear enough.

    P.S.: I'm sure all my cookies are reset before logging with the dummy testing user.
    Bye

  • #2
    Vbulletin works on the access masks schema. Check the user guide and then ask us any outstanding questions.

    I have found exactly the same problems as you but I am in no way sure on how to make it easier etc.
    Email: [email protected]
    Site: Under Construction

    Comment


    • #3
      The ony way is to try and try and try and try with a lot of different users and profiles.... Isn't it ?

      Is there a downloadable (pdf or ...) or a security-oriented specific admin manual ?
      Thank you very much
      Bye

      Comment


      • #4
        I dont think there is
        Email: [email protected]
        Site: Under Construction

        Comment


        • #5
          Originally posted by Jet
          The ony way is to try and try and try and try with a lot of different users and profiles.... Isn't it ?

          Is there a downloadable (pdf or ...) or a security-oriented specific admin manual ?
          Thank you very much
          Bye
          unfortunately not yet
          :: Always Back Up Forum Database + Attachments BEFORE upgrading !
          :: Nginx SPDY SSL - World Flags Demo [video results]
          :: vBulletin hacked forums: Clean Up Guide for VPS/Dedicated hosting users [ vbulletin.com blog summary ]

          Comment


          • #6
            'not yet' ?

            - the admin/security guide or
            - a simulator to try permissions without logging out & in again and again
            - both

            ???

            Thnx

            Comment


            • #7
              Both.
              Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
              Change CKEditor Colors to Match Style (for 4.1.4 and above)

              Steve Machol Photography


              Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


              Comment

              Loading...
              Working...
              X