[ postfixadmin-Patches-3305187 ] Logging patch
Brought to you by:
christian_boltz,
gingerdog
From: SourceForge.net <no...@so...> - 2011-05-23 14:06:13
|
Patches item #3305187, was opened at 2011-05-20 11:09 Message generated for change (Comment added) made by lnxus You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=3305187&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Dale Blount (lnxus) Assigned to: Nobody/Anonymous (nobody) Summary: Logging patch Initial Comment: Patch to add ability to only allow super admin to view logs ---------------------------------------------------------------------- >Comment By: Dale Blount (lnxus) Date: 2011-05-23 10:06 Message: Hi. Sorry about the old patch, this was before I started using the SVN version. The reason I want to have the option to hide the logs is that it logs IPs of the superadmins giving possible targets to gain additional privileges. Yes, I know it's quite a long shot. ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2011-05-22 18:07 Message: Your patch hides the link to viewlog.php, but any domain admin can still type viewlog.php in his browser's address bar and view the log. You should add a permission check in viewlog.php to fix this. Additionally, our current development version is much different from 2.3.x because we switched to smarty templates. This means the template changes in your patch won't apply to SVN trunk. (Not a real problem, it would be quite easy for me to convert your patch to the smarty templates.) That said: is there a special reason why you want to hide the log from your domain admins? I have to admit that I don't see why this would make sense. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=3305187&group_id=191583 |