Security problem with "Mandanten" administration
Posted: Fri 4 Jul 2003, 07:39
On the Contenido 4.3.1 beta WAMP incl. demo database.
Defining a new site exposes a security problem using the "mandanten" administration.
1) Log onto the backend using the "sysadmin" user.
2) Define a new "Mandanten". Name it "Kunde 2"
3) Define a language "deutch" under "Kunde 2"
Remember that the standard user "admin" is defined to have administrator access ONLY to the standard site "Kunde".
Now log in as "admin" and go to "Administration | Mandanten" and click on the "Kunde 2".
The user is able to modify "Mandanten - Eigenschaften" on all "Mandanten" although the user is not defined to be able to administer anything but "Kunde".
Ojo
