Re: [Phpslash-devel] Troublemaking: what you can do with 'author' rights
From: Joe S. <joe...@us...> - 2003-02-20 18:17:05
On Wed, Feb 19, 2003 at 09:48:28PM +0000, Peter Cruickshank wrote:
> Hi
>
> I'm coding up some extras for Back-End's user admin, and thought I'd point out the obvious: if you assign a user 'author' rights, they can then assign themselves or anyone else 'root' rights. Probably not an issue for a typical phpSlash site, but worth bearing in mind for larger/paranoid sites...
>

Yes, "author" rights are probably better termed "UserAdmin" or something. Because they were tied into the scripts I didn't change them away from the older values. But you should be able to rename the groups with no ill effects.

The only place "author" group rights are referenced is in the NavBar. This can be changed in a couple of ways. One would be to add an "authorNavBar" permission or something similar. Another would be to change it to "authorList". One that I don't like as much would be to use the new group name. I think "comment" is still used instead of the underlying permissions but most of the group names aren't used except for the NavBar.

> (maybe I'm bored?)
>

Maybe. It's still a good discussion.

FWIW - It's been discussed here before too - http://sourceforge.net/mailarchive/message.php?msg_id=6526

Joe

> Peter
>