[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [Bug #1170] admin authentication and caching prob
From: |
nobody |
Subject: |
[Phpgroupware-tracker] [Bug #1170] admin authentication and caching problems |
Date: |
Tue, 10 Sep 2002 00:04:01 -0400 |
=================== BUG #1170: FULL BUG SNAPSHOT ===================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1170&group_id=509
Submitted by: None Project: phpGroupWare
Submitted on: 2002-Sep-10 00:04
Category: API - Admin Bug Group: 0.9.14 release
Severity: 5 - Major Priority: High
Resolution: None Assigned to: None
Status: Open Platform Version: Other
Reproducibility: Every Time
Summary: admin authentication and caching problems
Original Submission: Logging into either admin/config page or header admin
page allows you to authenticate for the other by entering URL directly, without
authenticating with the other admin password.
For instance, login to config/setup admin. Then enter the
/setup/manageheader.php URL. You're in header admin now without a password.
The opposite is also true. Login to header admin, then enter the URL for
config/setup. You are now in the config/setup area with full privs *without*
having entered the config/setup password.
Also, pages are cached. Admin Logout does not really work. You can click
Logout in either admin screen, use back button to go to working admin screen,
REFRESH, and you are reauthenticated for both admin areas (config/setup and
header admin). One reauthenticated you can enter the URL directly for either
admin screen with full capabilities in each.
No Followups Have Been Posted
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1170&group_id=509
- [Phpgroupware-tracker] [Bug #1170] admin authentication and caching problems,
nobody <=