Announcement

Collapse
No announcement yet.

Major Duplicable Security Hole: Is This a Bug?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #46
    Originally posted by tubedogg
    There's a simple way to avoid this - don't set the forum to private, and change permissions for your other groups to not be able to view/post/etc. in it.
    Uhh, Kevin.. Doesn't that void the whole point of having a private-forum option? Seems to me that it would be better to actually correct the feature, make it more logical, rather than going around it like you suggested.
    Toddler from Hell

    Comment


    • #47
      The feature seems pretty logical to me. It says it will hide forums from everyone except mods & admins. If you don't want the forum to be set that way, don't set the option.

      It's like saying you want to change the way the Submit Reply button works because it doesn't preview the message first. If you want to preview the message, use the preview button, not the submit button.

      Comment


      • #48
        Originally posted by tubedogg
        .The feature seems pretty logical to me. It says it will hide forums from everyone except mods & admins. If you don't want the forum to be set that way, don't set the option.
        Here's an analogy for that. PATIENT="Doc, it hurts when I do this". Doctor="Then Don't do that". Did that solve the problem? Well, no, not really, because the problem wasn't fixed, it was just avoided. See what I mean?

        Originally posted by tubedogg
        It's like saying you want to change the way the Submit Reply button works because it doesn't preview the message first. If you want to preview the message, use the preview button, not the submit button.
        no offense tubbdogg, But you are comparing apples and oranges.

        My point again is this. It does this ONLY for the moderators, not the admins, and not the Super moderators. Instead of someone only having to change ONE permission to restrict acces, they have to manually change every single moderator. If I want to restict access for all supermoderators, or even admins, all I have to do is change one permission, and BOOM, it's done. I have 20 modertors myself, so that is a pain to do manually, but I can't imagine how much a pain it is for sites with more than that.

        I am not trying to argue with the Jelsoft team on this. If you all feel this is not an issue, that is fine, but I think that it should be something that perhaps is in the "Instructions" as an option to turn off or on, much like that "aol/icq" feature which requires a simple modification to turn on.

        Talon

        Comment


        • #49
          The reason it only does this for moderators is simple: moderators are not required to be in one specific usergroup. Administrators and Super Moderators *are*. Since moderators do not have to be in one specific usergroup, individual permissions are assigned to them to mimic the effect that would occur if all moderators were in one usergroup.

          Comment


          • #50
            ok, that explains it alittle better anyway. Thank you for that. I did use mystics work around, and it did the trick, so I guess I will just have to remember that for the next upgrade. Thanks for your time and help on this guys.

            Talon

            Comment


            • #51
              Originally posted by tubedogg
              The feature seems pretty logical to me. It says it will hide forums from everyone except mods & admins. If you don't want the forum to be set that way, don't set the option.
              Admins and Super Mods, yes, I agree. I do not buy that this is how it was intended for regular mods tho. Generally they are assigned to specific forums, elsewhere they are meant to have regular user rights. See where it becomes illogical?
              Toddler from Hell

              Comment


              • #52
                Originally posted by Fusion
                Admins and Super Mods, yes, I agree. I do not buy that this is how it was intended for regular mods tho. Generally they are assigned to specific forums, elsewhere they are meant to have regular user rights. See where it becomes illogical?
                I see, yes. But, I think this point is moot now as it is very clear that they do not view this as a "flaw", but as "working as intended".

                Talon

                Comment

                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                Working...
                X