[opencms-dev] Confirming sub Organizational Unit users/groups permissions bug
Michael Moossen
m.moossen at alkacon.com
Wed Feb 20 10:06:16 CET 2008
Hi all!
> This user can also edit admin user and use the "switch user"
> functionality in order to become the admin user and get access to all
> areas or CMS.
problem solved and just committed to the HEAD.
Kind regards,
Michael
-------------------
Alkacon Software GmbH - The OpenCms Experts
http://www.alkacon.com - http://www.opencms.org
Visit us on CeBIT expo in Hannover, Germany
March 4 to March 9, 2008 - Hall 5 Stand F59/3
Fabian Huschka wrote:
> Hello Micheal,
>
>
> Michael Moossen schrieb:
>> Hi Oli!
>>
>> No, this are not the same.
>>
>> your 'problem' has 2 parts:
>> > This user can then see the parent unit and edit all those users.
>> No, this should not be the case, and i can not reproduce it.
>>
>> > This user can also edit admin user and use the "switch user"
>> > functionality in order to become the admin user and get access to all
>> > areas or CMS.
>> this works as designed or better said we have not really think about
>> this. it is not decided yet if we will do something about this in 7.0.4.
>>
> We are very concerned with this "feature" as it enables the user to lock
> out the admin by simply changing its password. In certain shared hosting
> environments this is a nightmare.
>> Kind regards,
>> Michael
>>
>> -------------------
>>
>> Alkacon Software GmbH - The OpenCms Experts
>> Michael Moossen
>> An der Wachsfabrik 13
>> 50996 Koeln, DE
>>
>> Besuchen Sie uns auf der CeBIT 2008
>> Halle 5, Stand F59/3
>>
>> Tel: +49 (0)2236 3826-0
>> Fax: +49 (0)2236 3826-20
>> Email: m.moossen at alkacon.com
>>
>> http://www.alkacon.com
>> http://www.opencms.org
>>
>>
>>
>
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/mailman/listinfo/opencms-dev
More information about the opencms-dev
mailing list