#112 Security: modifyconfig

open
nobody
5
2002-08-07
2002-08-07
Anonymous
No

The authorisation level for modifying the config file
is set to ACCESS_ADD in pnadmin.php.

I think it would be better if modifying the config
would only be allowed with admin rights (ACCESS_ADMIN).

Moreover it would be nice if the link for editing the
config file would only be visible for users with
ACCESS_ADMIN set.

Discussion