[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
- Subject: Re: [cobalt-users] MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
- From: "alex" <alex@xxxxxxxxxxxxxxxxx>
- Date: Fri Jun 6 11:07:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
This weekend I will try to develop a security php script.
----- Original Message -----
From: "ISEE Multimedia" <mail@xxxxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, June 06, 2003 7:51 PM
Subject: Re: [cobalt-users] MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL)
COBALT-550
>
>
> > MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
> >
> > I sent a radiance to SUN two months ago and Sun engineers haven't solved
> > this problem.
> >
> > I think that problem know is known by many people but it is not solved
> >
> > If you are an adminsite you can acces to all the adminsite accounts of
the
> > server, you only have to change the url variable.
> > I'm going to give you an example:
> >
> > I'm the adminsite of domain.com, I acces the GUI SITE ADMIN and the url
> that
> > i have in the browser is:
> >
> >
>
https://www.domain.net:81/nav/cList.php?root=sitemanageRoot&group=site13&hostname=www.domain.net&goto=base_userList
> >
>
> couldnt you just add a authentiction to the page that pulls the user from
> the main database, i.e
>
> if your not the user of that site and your user level is not administrator
> then you would get an login error. I Cant see it being that hard. php is
> quite flexible.
>
> but i dont have a 550 so i couldnt play with it.
>
>
> Regards,
>
> Mark Priest
>
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>