Forums / General / Important: User edit bug

Important: User edit bug

Next topic

Author	Message
Ole Morten Halvorsen	Monday 19 May 2003 4:24:05 am As many have probably seen here http://ez.no/developer/ez_publish_3/forum/developer/users_editing_their_own_details a bug was found enabling users to edit other users data. The password can not be changed, but the user account get disabled. We are working on a fix to this problem now, until then disable the user module. Put this in your site.ini: [SiteAccessRules] Rules[] Rules[]=Access;enable Rules[]=ModuleAll;true Rules[]=Access;disable Rules[]=Module;user We have disabled the user module here at ez.no, so until the problem is fixed login will not work. Senior Software Engineer - Vision with Technology http://www.visionwt.com http://www.omh.cc http://www.twitter.com/omh eZ Certified Developer http://ez.no/certification/verify/358441 http://ez.no/certification/verify/272578
Jan Borsodi	Monday 19 May 2003 7:13:03 am A patch for the user edit bug can be found here: http://ez.no/developer/ez_publish_3/contributions/security_fix_unchecked_user_edit -- Amos Documentation: http://ez.no/ez_publish/documentation FAQ: http://ez.no/ez_publish/documentation/faq
Tony Wood	Monday 19 May 2003 7:43:06 am Thank you for your fast and efficient resolution of this problem. Tony Wood : twitter.com/tonywood Vision with Technology Experts in eZ Publish consulting & development Power to the Editor! Free eZ Training : http://www.VisionWT.com/training eZ Future Podcast : http://www.VisionWT.com/eZ-Future

Author

Message

Monday 19 May 2003 4:24:05 am

As many have probably seen here http://ez.no/developer/ez_publish_3/forum/developer/users_editing_their_own_details
a bug was found enabling users to edit other users data. The password can not be changed, but the user account get disabled.

We are working on a fix to this problem now, until then disable the user module. Put this in your site.ini:

[SiteAccessRules]
Rules[]
Rules[]=Access;enable
Rules[]=ModuleAll;true
Rules[]=Access;disable
Rules[]=Module;user

We have disabled the user module here at ez.no, so until the problem is fixed login will not work.

Senior Software Engineer - Vision with Technology

http://www.visionwt.com
http://www.omh.cc
http://www.twitter.com/omh

eZ Certified Developer
http://ez.no/certification/verify/358441
http://ez.no/certification/verify/272578

Jan Borsodi

Monday 19 May 2003 7:13:03 am

A patch for the user edit bug can be found here:
http://ez.no/developer/ez_publish_3/contributions/security_fix_unchecked_user_edit

--
Amos

Documentation: http://ez.no/ez_publish/documentation
FAQ: http://ez.no/ez_publish/documentation/faq

Tony Wood

Monday 19 May 2003 7:43:06 am

Thank you for your fast and efficient resolution of this problem.

Tony Wood : twitter.com/tonywood
Vision with Technology
Experts in eZ Publish consulting & development

Power to the Editor!

Free eZ Training : http://www.VisionWT.com/training
eZ Future Podcast : http://www.VisionWT.com/eZ-Future