ALERT
Posted: 07/25/2002, 10:56 AM
OK, here is the deal. If you have 2 applications running on the same website you may have a security problem.
Here is how it works.
Let's say you have a portal site set up and you have different access levels 1, 2, and 3, where 1 is a user, 2 is a content admin and 3 is admin (god). Now you have a subdirectory with another application that also has 3 levels of access. Anyone that has level 3 access on either application can access pages from either application that require level 3.
Here is why.
CodeCharge looks at the session variable and gets the access level. The session variable is good across the entire web, including subdirectories. So if I log into a sub application with level 3 access and then go to the home directory, I can access adminmenu.asp or whatever admin page I want on the entire website.
There are many ways to fix this and many different security options. This applies to the default security for CodeCharge.

Jeroen
Posted: 07/25/2002, 3:45 PM
How can you fix it then? By closing the session at a certain point?

Joachim Uersfeld
Posted: 07/25/2002, 4:27 PM
This isn't a problem with CCS. Give the variables 'UserID' and 'GroupID' other names for each directory (Project Settings -> Security -> Advanced).

Nicole
Posted: 07/27/2002, 6:04 AM
Hello,
The solution for CC requires using different session variable names for different CC sites. Please refer to the following thread for detailed information: http://www.gotocode.com/disc_viewt.asp?mid=5932&s_topic=%5Fapp1&
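
A small model of the behaviour discussed in this thread, added here as an illustration and not CodeCharge's own code: two applications read the access level from one site-wide session, first with identical variable names and then with per-application names. The `App` class, the `Portal_`/`Sub_` prefixes and the account data are constructed for the example; `UserID` and `GroupID` are the variable names mentioned in the thread.

```python
"""Model: two applications on one website share a single session store."""


class App:
    """An application that keeps its login state in the site-wide session."""

    def __init__(self, name, accounts, key_prefix=""):
        self.name = name
        self.accounts = accounts  # login -> access level (constructed data)
        # With no prefix every app uses the same two keys; a prefix models
        # giving the variables a different name per directory (assumed names).
        self.user_key = key_prefix + "UserID"
        self.group_key = key_prefix + "GroupID"

    def login(self, session, login):
        """Record the user and this app's access level in the session."""
        session[self.user_key] = login
        session[self.group_key] = self.accounts[login]

    def authorize(self, session, required_level):
        """True when the level stored under this app's key is high enough."""
        return session.get(self.group_key, 0) >= required_level


# Constructed accounts: sub_admin is level 3 in the sub app, level 1 in the portal.
PORTAL_USERS = {"alice": 3, "sub_admin": 1}
SUBAPP_USERS = {"sub_admin": 3}


def cross_app_admin(portal, subapp):
    """Log into the sub app as its admin, then request a level-3 portal page."""
    session = {}  # one session object for the whole site, subdirectories included
    subapp.login(session, "sub_admin")
    return portal.authorize(session, 3)


def default_names():
    """Both apps use the same variable names."""
    return cross_app_admin(App("portal", PORTAL_USERS), App("sub", SUBAPP_USERS))


def distinct_names():
    """Each app uses its own variable names."""
    return cross_app_admin(App("portal", PORTAL_USERS, "Portal_"),
                           App("sub", SUBAPP_USERS, "Sub_"))


if __name__ == "__main__":
    print("same variable names    -> portal admin page allowed:", default_names())
    print("per-app variable names -> portal admin page allowed:", distinct_names())
```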