SECURITY BUG: Latest Articles doesn't honor module settings > Product Forums

Unanswered Active Topics

Forums Search Members

Subject: SECURITY BUG: Latest Articles doesn't honor module settings

You are not authorized to post a reply.

Author

Messages

Craig Miller User is Offline

Registered Users

Ventrian Active Member
Posts:39

1/27/2006 10:45 PM
When the new article module is set so that only users in certain roles can view it, clicking on a link in the Latest Articles module displays the article to the user anyway (even if they aren't authenticated). We want to show the titles of our latest articles to non-members in the Latest Articles section, but restrict viewing the actual articles when they click on the link. Thanks, Craig

Nick Clements User is Offline

Gold Membership

Ventrian Active Member
Posts:29

1/28/2006 1:06 PM
Are you using the latest version? This was happening some time back but I think it is fixed now.

Regards, Nick

Craig Miller User is Offline

Registered Users

Ventrian Active Member
Posts:39

1/31/2006 6:15 PM
I think I am. I downloaded the latest version and uploaded it as a module. Does it automatically replace the older one that was previously installed when I do that? www.cascaderovers.org --Craig

Craig Miller User is Offline

Registered Users

Ventrian Active Member
Posts:39

2/02/2006 12:37 AM
I don't mean to be a pest but this is turning into an issue with my board of directors. Is there anything I can do to help resolve this?

Peter Warren User is Offline

Gold Membership

Ventrian Addict
Posts:77

2/02/2006 1:59 AM
Have you tried putting 2 copies of Latest Articles on the same page. First instance is restricted to non-authenticated users and has the [LINK] tag removed from the HTML BODY (in the View Options for that module). You can even add your own link or words to this HTML BODY which will be repeated for each latest article. The second instance is restricted to the roles that you want to have full access. This unmodified module will function as required (as it does now but only in the security context). If this is not sufficient, Scott will be back on the weekend.

Craig Miller User is Offline

Registered Users

Ventrian Active Member
Posts:39

2/04/2006 12:41 AM
That will work until its fixed, but "security through obscurity" isn't really security though. :-) --Craig

Craig Miller User is Offline

Registered Users

Ventrian Active Member
Posts:39

2/05/2006 9:48 PM
The problem only occurs if the "Launch Links" feature is checked in the "Latest Articles" module. With it unchecked, security roles are properly enforced. Thanks, Craig

Mariette Knap User is Offline

Gold Membership

Ventrian Master
Posts:665

2/06/2006 3:57 AM
Thanks Craig!!! That has answered my questions about security :-)

Mariëtte Knap Microsoft MVP

Mariette Knap User is Offline

Gold Membership

Ventrian Master
Posts:665

2/06/2006 6:13 AM
Well, almost. I want different user roles to see different content for the articles, not for the summaries.

Mariëtte Knap Microsoft MVP

You are not authorized to post a reply.

Forums > Modules > News Articles > SECURITY BUG: Latest Articles doesn't honor module settings