Security hole [SOLVED]

Post general support questions here that do not specifically fall into the Linux or Windows categories.

Moderators: Developers, Moderators

Post Reply
expat
Posts: 4
Joined: Tue Sep 27, 2005 4:45 am

Security hole [SOLVED]

Post by expat »

Noticed the following issue with version 0.8.6g:

Logged out as user. Entered http://cactihost/graph_view.php in broswer. Was taken to a page that allows viewing of *all* graphs, even though was not logged in.

Anyone else got this??

Regs.

Iain.
Last edited by expat on Thu Sep 29, 2005 11:26 am, edited 1 time in total.
User avatar
rony
Developer/Forum Admin
Posts: 6022
Joined: Mon Nov 17, 2003 6:35 pm
Location: Michigan, USA
Contact:

Post by rony »

This is normal behavor...

To disable this, remove the guest account from the Settings->Authenication->Guest User.
[size=117][i][b]Tony Roman[/b][/i][/size]
[size=84][i]Experience is what causes a person to make new mistakes instead of old ones.[/i][/size]
[size=84][i]There are only 3 way to complete a project: Good, Fast or Cheap, pick two.[/i][/size]
[size=84][i]With age comes wisdom, what you choose to do with it determines whether or not you are wise.[/i][/size]
expat
Posts: 4
Joined: Tue Sep 27, 2005 4:45 am

Post by expat »

Hmmm. Thanks.

Might be an idea to disable the guest account by default.
User avatar
rony
Developer/Forum Admin
Posts: 6022
Joined: Mon Nov 17, 2003 6:35 pm
Location: Michigan, USA
Contact:

Post by rony »

Next major release does that.
[size=117][i][b]Tony Roman[/b][/i][/size]
[size=84][i]Experience is what causes a person to make new mistakes instead of old ones.[/i][/size]
[size=84][i]There are only 3 way to complete a project: Good, Fast or Cheap, pick two.[/i][/size]
[size=84][i]With age comes wisdom, what you choose to do with it determines whether or not you are wise.[/i][/size]
Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests