Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/O Code)
 prevent members from getting to admin_home.asp		  New Topic  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

weeweeslap
Senior Member

USA
1077 Posts
Posted - 16 July 2003 :  20:12:33  Show Profile  Visit weeweeslap's Homepage  Send weeweeslap an AOL message  Send weeweeslap a Yahoo! Message
Hi,
Is there a way to prevent regular members from accessing the admin_home.asp I noticed anyone can access it and try to guess the password to get in. Maybe you guys, in a security patch or something, have it check so that the user is mlevel=3 before being able to view the admin_home.asp page, if not mlevel=3 then redirect to a message or the default.asp page? I tried it out of curiosity on several of my forums and I was able to access it.
coaster crazy

altisdesign
Junior Member

United Kingdom
357 Posts
Posted - 16 July 2003 :  20:15:47  Show Profile
Surely if the admin passowrd is secure and hard to guess, then there is very little risk of someone getting in? Its a miniscule chance. Also, I may be wrong, but then I think you'd get problems if you were trying to login as an admin user when you close the board, because you might not be mlevel=3 because the board is shutdown, so it would prevent you logging in as an admin to reopen the board. It wouldn't be hard to do, but you might have to consider that in mind and check the board wasnt closed first.

-Altis Design
Altis Design offers all manner of web design services to a variety of commercial and personal clients
Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts
Posted - 16 July 2003 :  20:20:39  Show Profile
Security patch? For what? Right now, you do not have to be logged into the forum in order to log in as an Admin. If you close your forum by using down.asp, and you weren't able to access admin_home.asp, you wouldn't be able to open your forum again.

Even restricting access to admin_home.asp won't prevent someone from guessing an Admin's password. All they would have to do is attempt to login using the normal login.

If you want to request someone make a MOD for this, that's fine though....

Moving to the MOD Add-On Forum (W/O Code) forum....
Go to Top of Page

davemaxwell
Access 2000 Support Moderator

USA
3020 Posts
Posted - 16 July 2003 :  21:27:43  Show Profile  Visit davemaxwell's Homepage  Send davemaxwell an AOL message  Send davemaxwell an ICQ Message  Send davemaxwell a Yahoo! Message
The way admin_home works is it forces you to relog in as the admin and sets a session variable. This is to try and add EXTRA security because you can't just access an admin logged on and get into the admin area. It forces you to log in specifically.

If your admin password is that easy to guess, you're in for a heap of trouble because if they can guess it for admin_home, they can guess it for the main login since they are one and the same.
Dave Maxwell
Barbershop Harmony Freak
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.27 seconds. Powered By: Snitz Forums 2000 Version 3.4.07