Re: [Phpslash-devel] Sec. hole in authorAdmin 0.65
From: Joe S. <jo...@be...> - 2001-12-17 18:01:08
Would it be clearer to rename "author" perm to authoradmin or useradmin? I've got a much more detailed plan for later but would rather wait.

On Mon, Dec 17, 2001 at 06:15:00PM +0100, Lars Heuer wrote:
> Hi Ajay,
>
> > can play around with the stories and authors. Now if you also have
> > "root" access then you can do the more destructive stuff like delete
> > stories, delete authors, etc...
>
> Yes, but I thought, the root (like a UNIX-root) should not be deleted
> by an author, because it's the root, the god of the system.
>
> I've given the user "foo" just author-rights and he was able to delete
> the root. That was surprising.
>
> Thanks,
> Lars