Register   Login

Home
       Private Messages
       Where Are They?

Products
       Modules
          Child Links
          Content Rotator
          Feedback Center
          File Links
          News Articles
          Private Messages
          Property Agent
          Quotes
          Shout Box
          Simple Gallery
          Subscription Tools
          Where Are They?
       Skins
          Venture
          Ventrian
       Skin Objects
          Page Generated
          Support Info

Support
       Product Forums
       Documentation
       Feedback Center
       Contact Support

Company
       Our History
       Our Customers
       Testimonials
       Link To Us
       Contact Us

Resources
       Articles
       Blog
       Books
       Presentations
       Projects
          Friendly Urls
          TinyMCE Provider

Subscribe
       Sales FAQs
       License Details
       Host Membership

Download
Support  »  Product Forums
     
  Latest Posts  
RE: property sold!!! preselect search fields
by schwall on 9/06/2010 12:11 AM
RE: Main image and listing image
by smcculloch on 9/05/2010 6:12 PM
RE: Amazon S3 integration
by smcculloch on 9/05/2010 6:03 PM
RE: property sold!!! preselect search fields
by smcculloch on 9/05/2010 6:02 PM
RE: Property Manager as Classified Ads
by Rodney.Wimberly on 9/05/2010 5:14 PM
RE: property sold!!! preselect search fields
by j22 on 9/05/2010 12:34 PM
RE: [Suggestion] Review Form Features
by goblanks on 9/05/2010 11:26 AM
RE: property sold!!! preselect search fields
by schwall on 9/05/2010 10:26 AM
RE: property sold!!! preselect search fields
by KriDom on 9/05/2010 9:04 AM
RE: Property Agent Import&Export
by KriDom on 9/05/2010 8:51 AM
  Forums  
Forums > Modules > News Articles
Subject: SECURITY BUG: Latest Articles doesn't honor module settings
Prev Next
You are not authorized to post a reply.

Author Messages
Craig MillerUser is Offline
Registered Users
Ventrian Active Member
Ventrian Active Member
Posts:39
1/27/2006 10:45 PM  
When the new article module is set so that only users in certain roles can view it, clicking on a link in the Latest Articles module displays the article to the user anyway (even if they aren't authenticated).

We want to show the titles of our latest articles to non-members in the Latest Articles section, but restrict viewing the actual articles when they click on the link.

Thanks,
Craig
Nick ClementsUser is Offline
Gold Membership
Ventrian Active Member
Ventrian Active Member
Posts:29
1/28/2006 1:06 PM  
Are you using the latest version? This was happening some time back but I think it is fixed now.
Regards,
Nick
Craig MillerUser is Offline
Registered Users
Ventrian Active Member
Ventrian Active Member
Posts:39
1/31/2006 6:15 PM  
I think I am.  I downloaded the latest version and uploaded it as a module.  Does it automatically replace the older one that was previously installed when I do that?

www.cascaderovers.org

--Craig
Craig MillerUser is Offline
Registered Users
Ventrian Active Member
Ventrian Active Member
Posts:39
2/02/2006 12:37 AM  
I don't mean to be a pest but this is turning into an issue with my board of directors.  Is there anything I can do to help resolve this?
Peter WarrenUser is Offline
Gold Membership
Ventrian Addict
Ventrian Addict
Posts:77
2/02/2006 1:59 AM  

Have you tried putting 2 copies of Latest Articles on the same page.  First instance is restricted to non-authenticated users and has the [LINK] tag removed from the HTML BODY (in the View Options for that module).  You can even add your own link or words to this HTML BODY which will be repeated for each latest article. 
The second instance is restricted to the roles that you want to have full access.  This unmodified module will function as required (as it does now but only in the security context).

If this is not sufficient, Scott will be back on the weekend.
Craig MillerUser is Offline
Registered Users
Ventrian Active Member
Ventrian Active Member
Posts:39
2/04/2006 12:41 AM  
That will work until its fixed, but "security through obscurity" isn't really security though.  :-)

--Craig
Craig MillerUser is Offline
Registered Users
Ventrian Active Member
Ventrian Active Member
Posts:39
2/05/2006 9:48 PM  
The problem only occurs if the "Launch Links" feature is checked in the "Latest Articles" module.

With it unchecked, security roles are properly enforced.

Thanks,
Craig
Mariette KnapUser is Offline
Gold Membership
Ventrian Master
Ventrian Master
Posts:665
2/06/2006 3:57 AM  
Thanks Craig!!! That has answered my questions about security :-)
Mariëtte Knap
Microsoft MVP
Mariette KnapUser is Offline
Gold Membership
Ventrian Master
Ventrian Master
Posts:665
2/06/2006 6:13 AM  
Well, almost. I want different user roles to see different content for the articles, not for the summaries.
Mariëtte Knap
Microsoft MVP
You are not authorized to post a reply.
Forums > Modules > News Articles > SECURITY BUG: Latest Articles doesn't honor module settings


ActiveForums 3.7
Terms Of Use   Privacy Statement   Copyright 2002-2010 Ventrian   Page generated in 0.703125 seconds