Possible Password Security Issue

Talk about writing modules and plugins for CMS Made Simple, or about specific core functionality. This board is for PHP programmers that are contributing to CMSMS not for site developers
Post Reply
A CMSMS User

Possible Password Security Issue

Post by A CMSMS User »

It seems that password security was slightly overlooked in one non-technical aspect:

If a Group has the Permission to Modify Users, that Group can change anyone's password - not just their own.

I think this could cause problems, especially for my governmental client, where I will be giving each official an initial password that they will be allowed to change. I don't think that I will be able to allow them to change their passwords, lest they gain the capacity to change other's.

Otherwise, thanks for a great product.


Note:  I am currently using 0.11beta3.  If this problem was corrected in a more recent version, I apologize.
Top
Ted
Power Poster
Power Poster
Posts: 3329
Joined: Fri Jun 11, 2004 6:58 pm
Location: Fairless Hills, Pa USA

Re: Possible Password Security Issue

Post by Ted »

This has been changed.  There is now an option to Modify Profile which doesn't require Modify Users to get to.  That should help the situation.  :)
Top
A CMSMS User

Re: Possible Password Security Issue

Post by A CMSMS User »

Thanks.
Top
Post Reply

Return to “Developers Discussion”