Security issue. Anonymous user can access the module/view that under admin interface

Wednesday 04 May 2011 8:13:50 am

I have a new module/view that should only be accessed by admin. I confirm i don't change anything in my siteaccess setting : RoleSettings.

A start, all things were perfect , but i found this module/view can be accessed by anonymous users after some time.

I checked my siteaccess setting files, the RoleSettings[] has been modified. The following PolicyOmitList[] data was added:

[RoleSettings]
PolicyOmitList[]=newmodule/list

I found the RoleSettings[] was rewrited when i did something in Setup/Ini-setting/site.ini from admin interface.

I don't want my private module or view be accessed by anonymous users, please help me!!

Please help to stop that my private module or view be rewirted into PolicyOmitList[].

Thank you!

Friday 06 May 2011 1:13:45 am

Thanks, Ivo Lukac .

It was rewrited after i edited the PolicyOmitList parameter of Setup/Ini-setting/site.ini form admin interface.

Is it means all module or view will wirte into PolicyOmitList parameter when edit the PolicyOmitList parameter of Setup/Ini-setting/site.ini form admin interface?