RE: Want Some Opinions

[Replies] [Reply] [View by Thread] [Help]
[Back To Security]

Lt Obscurity

On the note of only admins can access the database...

I know many many forums, from PHPBB to VBulletin that have multiple admin users. In which each level an admin has restricted oppurtunity towards certain data. For example, Admin Level 1 can only Ban, SuperBan, and Delete topics. Admin Level 2 can do everything Level 1 can, plus Create/Delete forums, edit info excluding passwords and send out 'forum-wide' messages via email or PM. Admin Level 3 has complete control, and is effectively known as Root.

So I see a huge problem with that logic.

Catch me on CAIRC

#FirewallProject
#CA-UUG
#BSD
#Metal

Replies:

phpBB 2.0.7a And Earlier Security Issues - Ker JeiAr 2004-03-22 04:23:47
- Some Fixes For These Issues - Ret. Ker JeiAr 2004-03-25 12:11:30
  - sweet man :) - LtKer Semper 2004-03-25 16:48:09
    - RE: sweet man :) - Ret. Ker JeiAr 2004-03-25 19:01:33
- Hmmmm ... - Ker JeiAr 2004-03-23 20:40:47
  - Hah. - Lt Obscurity 2004-03-24 03:17:41
- Want Some Opinions - Ker JeiAr 2004-03-23 05:18:00
  - >RE: Want Some Opinions - Lt Obscurity 2004-03-23 07:46:48 <
    - I'm with you, they are on crack with this one... - Ret. Mar Ikioi 2004-03-23 11:00:34
      - RE: I'm with you, they are on crack with this one... - Ker JeiAr 2004-03-23 17:14:55
      - Development Teams Reply - Lt Obscurity 2004-03-23 14:19:18
        RE: Development Teams Reply - Ker JeiAr 2004-03-23 17:17:53
        RE: Development Teams Reply - Ker JeiAr 2004-03-23 17:31:30
        RE: Development Teams Reply - Lt Obscurity 2004-03-23 17:25:16
        RE: Development Teams Reply - Ker JeiAr 2004-03-23 17:33:40
        RE: Development Teams Reply - Lt Obscurity 2004-03-23 18:15:38
        RE: Development Teams Reply - Ker JeiAr 2004-03-23 19:39:35
        RE: Development Teams Reply - Lt Obscurity 2004-03-24 03:14:15
      - Posted to their forum... - Ret. Mar Ikioi 2004-03-23 11:37:22
        RE: Posted to their forum... - Ker JeiAr 2004-03-23 17:49:48
        Argh if someone could delete the post previous - Lt Obscurity 2004-03-23 11:50:55
        Done :) - Ret. Ker JeiAr 2004-03-24 05:31:16
        Hah thanks... - Lt Obscurity 2004-03-24 06:04:35
    - RE: Want Some Opinions - Ker JeiAr 2004-03-23 08:05:01
      - To be honest... - Lt Obscurity 2004-03-23 08:21:38
        RE: To be honest... - Ker JeiAr 2004-03-23 08:32:53
        RE: To be honest... - Lt Obscurity 2004-03-23 08:40:09
        RE: To be honest... - Ker JeiAr 2004-03-23 08:54:05
        RE: To be honest... - Lt Obscurity 2004-03-23 09:07:57
        'respond' :D -nt- - LtKer Bastian 2004-03-23 11:16:40
        RE: To be honest... - Maj zaydana 2004-03-23 09:25:26
        GPL... just fork it. ;) -nt- - Ret. Mar Ikioi 2004-03-23 11:39:41
        Ikioi [more] - Lt Obscurity 2004-03-24 10:21:14

Guest:
Subject:
Message:	On 2004-03-23 07:46:48, Obscurity wrote >On the note of only admins can access the database... > >I know many many forums, from PHPBB to VBulletin that have multiple admin users. In which each level an admin has restricted oppurtunity towards certain data. For example, Admin Level 1 can only Ban, SuperBan, and Delete topics. Admin Level 2 can do everything Level 1 can, plus Create/Delete forums, edit info excluding passwords and send out 'forum-wide' messages via email or PM. Admin Level 3 has complete control, and is effectively known as Root. > >So I see a huge problem with that logic.
Signature:
Optional Image Link:
http://

CyberArmy::Forum v0.6
Generated In 0.11092 seconds