Register   Login
Support  »  Product Forums
     
  Latest Posts  
Dark background skin
by craig on 7/04/2009 5:55 AM
RE: Trial peroid
by glenwin on 7/04/2009 4:45 AM
RE: Different skin for View Item?
by cchufook on 7/03/2009 10:29 PM
RE: Different skin for View Item?
by swebster on 7/03/2009 10:10 PM
Different skin for View Item?
by cchufook on 7/03/2009 8:13 PM
RE: Human friendly URL not working--Urgent
by Madz on 7/03/2009 11:26 AM
RE: Friendly URL and DNN4.8.0 ?
by Madz on 7/03/2009 11:25 AM
Human friendly URL not working--Urgent
by Madz on 7/03/2009 11:11 AM
RE: Google Sitemap Revisited
by georgelew on 7/03/2009 4:26 AM
RE: Strange error in PropertyAgent Latest
by smcculloch on 7/03/2009 3:39 AM
  Forums  
Forums > Modules > News Articles
Subject: SECURITY BUG: Latest Articles doesn't honor module settings
Prev Next
You are not authorized to post a reply.

Author Messages
Craig MillerUser is Offline
Silver Membership
Nuke Active Member
Nuke Active Member
Posts:28
1/27/2006 10:45 PM  
When the new article module is set so that only users in certain roles can view it, clicking on a link in the Latest Articles module displays the article to the user anyway (even if they aren't authenticated).

We want to show the titles of our latest articles to non-members in the Latest Articles section, but restrict viewing the actual articles when they click on the link.

Thanks,
Craig
Nick ClementsUser is Offline
Gold Membership
Nuke Active Member
Nuke Active Member
Posts:29
1/28/2006 1:06 PM  
Are you using the latest version? This was happening some time back but I think it is fixed now.
Regards,
Nick
Craig MillerUser is Offline
Silver Membership
Nuke Active Member
Nuke Active Member
Posts:28
1/31/2006 6:15 PM  
I think I am.  I downloaded the latest version and uploaded it as a module.  Does it automatically replace the older one that was previously installed when I do that?

www.cascaderovers.org

--Craig
Craig MillerUser is Offline
Silver Membership
Nuke Active Member
Nuke Active Member
Posts:28
2/02/2006 12:37 AM  
I don't mean to be a pest but this is turning into an issue with my board of directors.  Is there anything I can do to help resolve this?
Peter WarrenUser is Offline
Gold Membership
Nuke Addict
Nuke Addict
Posts:77
2/02/2006 1:59 AM  

Have you tried putting 2 copies of Latest Articles on the same page.  First instance is restricted to non-authenticated users and has the [LINK] tag removed from the HTML BODY (in the View Options for that module).  You can even add your own link or words to this HTML BODY which will be repeated for each latest article. 
The second instance is restricted to the roles that you want to have full access.  This unmodified module will function as required (as it does now but only in the security context).

If this is not sufficient, Scott will be back on the weekend.
Craig MillerUser is Offline
Silver Membership
Nuke Active Member
Nuke Active Member
Posts:28
2/04/2006 12:41 AM  
That will work until its fixed, but "security through obscurity" isn't really security though.  :-)

--Craig
Craig MillerUser is Offline
Silver Membership
Nuke Active Member
Nuke Active Member
Posts:28
2/05/2006 9:48 PM  
The problem only occurs if the "Launch Links" feature is checked in the "Latest Articles" module.

With it unchecked, security roles are properly enforced.

Thanks,
Craig
Mariette KnapUser is Offline
Registered Users
Nuke Master
Nuke Master
Posts:650
2/06/2006 3:57 AM  
Thanks Craig!!! That has answered my questions about security :-)

Subscribe for great articles and howtos. Get unlimited access to all content.Mariëtte Knap
www.smallbizserver.net
Mariette KnapUser is Offline
Registered Users
Nuke Master
Nuke Master
Posts:650
2/06/2006 6:13 AM  
Well, almost. I want different user roles to see different content for the articles, not for the summaries.

Subscribe for great articles and howtos. Get unlimited access to all content.Mariëtte Knap
www.smallbizserver.net
You are not authorized to post a reply.
Forums > Modules > News Articles > SECURITY BUG: Latest Articles doesn't honor module settings


ActiveForums 3.7
Terms Of Use   Privacy Statement   Copyright 2002-2008 Ventrian   Page generated in 0.609375 seconds