admin panel

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
who_cares
Registered User
Posts: 218
Joined: Mon Feb 07, 2005 1:20 pm
Contact:

admin panel

Post by who_cares »

Why would we need to log in twice to get to the admin panel in 3.x?

It really is annoying.

Natan
Registered User
Posts: 304
Joined: Tue Dec 30, 2003 4:31 pm
Contact:

Re: admin panel

Post by Natan »

You wouldn't. Somethings probably wrong with your cookies.
"You may only be one person to the world, but you may also be the world to one person."

who_cares
Registered User
Posts: 218
Joined: Mon Feb 07, 2005 1:20 pm
Contact:

Re: admin panel

Post by who_cares »

probably, but then again this is a cvs version

ElbertF
Registered User
Posts: 583
Joined: Fri Dec 03, 2004 4:35 pm
Location: tracing..
Contact:

Re: admin panel

Post by ElbertF »

No, it's added security. If you're logged on and someone else uses your computer, he wont be able to get in the ACP.

who_cares
Registered User
Posts: 218
Joined: Mon Feb 07, 2005 1:20 pm
Contact:

Re: admin panel

Post by who_cares »

Oh, thats cool. Annoying yet cool.

Natan
Registered User
Posts: 304
Joined: Tue Dec 30, 2003 4:31 pm
Contact:

Re: admin panel

Post by Natan »

I misread the original question. Yes, to get to the admin panel, you will need to retype your password for added security.
"You may only be one person to the world, but you may also be the world to one person."

Magnotta
Registered User
Posts: 80
Joined: Wed Feb 09, 2005 12:49 am

Re: admin panel

Post by Magnotta »

chances are that someone else will also find it annoying and perhaps after the final version is released someone will make a mod so you don't have to re-login.

who_cares
Registered User
Posts: 218
Joined: Mon Feb 07, 2005 1:20 pm
Contact:

Re: admin panel

Post by who_cares »

That'd be nice. Even better if the developers made it an option in the control panel.

Martin Blank
Registered User
Posts: 687
Joined: Sun May 11, 2003 11:17 am

Re: admin panel

Post by Martin Blank »

They're not going to allow it to be disabled in the core code, and they've stated this already.

Right now, many of the security issues come around because critical functions are available if you get an admin's password hash, which can be used to recreate the user's auto-login cookie. While the vulnerability to auto-login hasn't changed (and really can't be mitigated easily), what has changed is that to access the ACP, you have to enter the password again, which creates a session cookie tied to both password and IP address (IIRC) that is destroyed at the end of the session (browser close or timeout). This will (hopefully) prevent anyone from getting too much power if they do manage to get the key.
You can never go home again... but I guess you can shop there.

who_cares
Registered User
Posts: 218
Joined: Mon Feb 07, 2005 1:20 pm
Contact:

Re: admin panel

Post by who_cares »

I guess that makes sense. Loseing control of the admin panel can't be good.

Post Reply