Security issue. Anonymous user can access the module/view that is under admin interface

Bill2011 Du

Wednesday 04 May 2011 8:13:50 am

I have a new module/view that should only be accessed by admin. I confirm I didn't change anything in my siteaccess setting: RoleSettings.

At the start, everything was perfect, but I found this module/view can be accessed by anonymous users after some time.

I checked my siteaccess setting files, the RoleSettings[] has been modified. The following PolicyOmitList[] data was added:

[RoleSettings]
PolicyOmitList[]=newmodule/list

I found the RoleSettings[] was rewritten when I did something in Setup/Ini-setting/site.ini from the admin interface.

I don't want my private module or view to be accessed by anonymous users, please help me!!

Please help to stop my private module or view from being rewritten into PolicyOmitList[].

Thank you!

Ivo Lukac

Wednesday 04 May 2011 9:10:48 am

To disable anonymous access, just comment out the line with a hash and clear the ini cache:

#PolicyOmitList[]=newmodule/list

But the main question is where did this line come from if you didn't write it. That is a mystery.

http://www.linkedin.com/in/ivolukac
http://www.netgen.hr/eng/blog
http://twitter.com/ilukac

Bill2011 Du

Friday 06 May 2011 1:13:45 am

Thanks, Ivo Lukac.

It was rewritten after I edited the PolicyOmitList parameter of Setup/Ini-setting/site.ini from the admin interface.

Does it mean all modules or views will be written into the PolicyOmitList parameter when editing the PolicyOmitList parameter of Setup/Ini-setting/site.ini from the admin interface?

Ivo Lukac

Friday 06 May 2011 1:19:29 am

"

Thanks, Ivo Lukac.

It was rewritten after I edited the PolicyOmitList parameter of Setup/Ini-setting/site.ini from the admin interface.

Does it mean all modules or views will be written into the PolicyOmitList parameter when editing the PolicyOmitList parameter of Setup/Ini-setting/site.ini from the admin interface?

"

Of course it does. It is the same thing. Admin interface is used to edit all ini files without the need to open files directly...

http://www.linkedin.com/in/ivolukac
http://www.netgen.hr/eng/blog
http://twitter.com/ilukac
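
An added example, not part of the thread and not eZ Publish code: since the admin interface can write PolicyOmitList[] entries into a siteaccess file, a periodic check can compare the effective list against an approved allowlist. The function names, the allowlist and the sample file are constructed; the example assumes the usual eZ ini conventions (the `.ini.append.php` comment wrapper, `#` comments, and a bare `PolicyOmitList[]` line resetting the array).

```python
import re

# Constructed sample of a siteaccess site.ini.append.php (not from the thread's site).
SAMPLE_INI = """<?php /* #?ini charset="utf-8"?

[RoleSettings]
PolicyOmitList[]
PolicyOmitList[]=user/login
#PolicyOmitList[]=oldmodule/view
PolicyOmitList[]=newmodule/list

[SiteSettings]
SiteName=Example
*/ ?>
"""

ENTRY = re.compile(r"^PolicyOmitList\[\]\s*(?:=\s*(.*))?$")

def policy_omit_list(ini_text, inherited=()):
    """Return the effective [RoleSettings] PolicyOmitList after this file is applied."""
    entries, section = list(inherited), None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out setting
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = ENTRY.match(line)
        if section != "RoleSettings" or not m:
            continue  # other sections, other keys, and the PHP wrapper lines
        value = (m.group(1) or "").strip()
        if value:
            entries.append(value)
        else:
            entries.clear()  # assumed: bare "PolicyOmitList[]" resets the array
    return entries

def unexpected_omissions(ini_text, approved, inherited=()):
    """Entries that skip the role policy check but are not on the approved list."""
    approved = {a.strip("/") for a in approved}
    found = policy_omit_list(ini_text, inherited)
    return [e for e in found if e.strip("/") not in approved]

if __name__ == "__main__":
    for entry in unexpected_omissions(SAMPLE_INI, approved={"user/login"}):
        print("not approved, reachable without a role policy:", entry)
```

Running it against each siteaccess and override settings file after changes made through the admin interface shows which entries still need to be commented out before the ini cache is cleared.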
