Dudes, let's stop supposing that the developers of phpBB are doing anything on purpose to prevent people from getting in the admin's panel. First, they have never said anything of the such, and second, if they are trying to prevent users from getting into the admin's panel, they are not doing a very good job.
In fact, I've never once experienced trouble logging into the admin's panel. This leads me to believe that they really are not trying to cover anything up (or at the very least, the admin's panel).
Just my 2 cents, anyways...
admin panel?
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Re: admin panel?
Think that the developers have secretly stopped working on PhpBB v2.2? Think again........see the latest progress HERE:
Re: admin panel?
What everyone has to bear in mind is that the ACP is still a work in progress, there are bits which are not finished.
However, the reauthentication to access it will stay for reasons of security. This means that to access the ACP, you must know the password; you can't do it just by stealing or faking the cookie based on other information (which has been one of the more common reported methods seen on 2.0.x).
- cyberCrank
- Registered User
- Posts: 560
- Joined: Wed Jan 28, 2004 3:38 am
- Location: Ethereal Bliss
Re: admin panel?
Roberdin wrote: I'm not disputing that it's an excellent security measure, what I am disputing is the need to reauthenticate under the following circumstances:
1. Autologin is NOT enabled.
2. User has logged on (authenticated) within the last minute.

This is doable and not unreasonable and makes sense as long as the username and password are known to be entered explicitly and manually for an Administration account, then the Sessions Table record could have the session_admin field set to 1 to indicate explicit authentication has occurred. Once this is done, it appears to remain set for the life of the session.
But, one concern still resides with ACP authentication and that is the fact that alternate methods exist that capture username-password combinations (as with Windows IE) and phpBB does not deactivate this mechanism as is done with some other web apps.
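The gating described in the two posts above (a cookie gets you a board session, but only a freshly typed password sets session_admin), as an added Python model that is not part of the thread and is not phpBB's code. Only the field name session_admin comes from the post; the function names, the in-memory tables and the sample account are hypothetical, and the session id rotation on elevation goes beyond what the posts describe.

```python
import hashlib
import hmac
import os
import secrets

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: one admin account and an in-memory sessions table.
SALT = os.urandom(16)
USERS = {"admin": {"salt": SALT, "hash": pw_hash("correct horse", SALT), "is_admin": True}}
SESSIONS = {}  # session id -> {"user": ..., "session_admin": 0 or 1}

def check_password(username, password):
    user = USERS.get(username)
    if user is None or password is None:
        return False
    return hmac.compare_digest(user["hash"], pw_hash(password, user["salt"]))

def login(username, password=None, autologin_cookie_ok=False):
    """Open a board session from a password or a (pre-validated) autologin cookie.
    Either way session_admin starts at 0, so a cookie alone never reaches the ACP."""
    if username not in USERS:
        return None
    if not (autologin_cookie_ok or check_password(username, password)):
        return None
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": username, "session_admin": 0}
    return sid

def reauthenticate(sid, password):
    """Set session_admin = 1 only when the password is entered again for an admin
    account. The session id is rotated so an id copied earlier is not elevated."""
    row = SESSIONS.get(sid)
    if row is None or not USERS[row["user"]]["is_admin"]:
        return None
    if not check_password(row["user"], password):
        return None
    del SESSIONS[sid]
    new_sid = secrets.token_hex(16)
    SESSIONS[new_sid] = {"user": row["user"], "session_admin": 1}
    return new_sid

def can_open_acp(sid):
    """ACP gate: the flag must have been set by reauthenticate() in this session."""
    row = SESSIONS.get(sid)
    return row is not None and row["session_admin"] == 1
```

Because the flag stays set for the life of the session, a short idle timeout on elevated sessions is the usual companion to this check.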
Re: admin panel?
If you hate the re-authentication so much all you need to do is comment out 3-4 lines. Is that difficult?
Don't give me my freedom out of pity!
Re: admin panel?
It might be for guys like him, that don't know much about php. But then again, you shouldn't be using the CVS unless you really know what you are doing.
- Registered User
- Posts: 172
- Joined: Sun Aug 10, 2003 8:53 pm
- Location: folkestone, kent, uk
Re: admin panel?
Graham wrote: However the reauthentication to access it will stay for reasons of security. This means that to access the ACP, you must know the password, you can't do it just by stealing or faking the cookie based on other information (which has been one of the more common reported methods seen on 2.0.x)

imo that's a very nice feature. Can sleep safe knowing you won't get hacked
Re: admin panel?
q3utom wrote:
Graham wrote: However the reauthentication to access it will stay for reasons of security. This means that to access the ACP, you must know the password, you can't do it just by stealing or faking the cookie based on other information (which has been one of the more common reported methods seen on 2.0.x)
imo that's a very nice feature. Can sleep safe knowing you won't get hacked

Agree
Re: admin panel?
Roberdin wrote:
1. Autologin is NOT enabled.
2. User has logged on (authenticated) within the last minute.

Get used to it, it ain't changing.
Re: admin panel?
It ain't changing but there can be a mod on it right? Anyway, is the admin panel puposefully not functioning?
lwq
Re: admin panel?
lwq wrote: It ain't changing but there can be a mod on it right? Anyway, is the admin panel puposefully not functioning?

phpBB is released under the GPL so change that code if you like to, it ain't so annoying (not annoying at all in my opinion).
What "puposefully" means I don't know!