The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Single sign on for administrators and moderators?
Is there any way to bypass the adminCP/modCP login pages if a user is already logged in? I've had a flick through the mods and forums and can't find anything..
|
#2
|
|||
|
|||
I hope not, that would be a serious security risk.
|
#3
|
|||
|
|||
Can you expand on that please Marco?
A user has already supplied their credentials already to log in, and they're also a moderator. Why shouldn't they be one click away from seeing their moderator control panel? I'm not disagreeing, something tells me it's a risk too, but I can't put my finger on why when they have already authenticated themselves. |
#4
|
|||
|
|||
One of the reasons would be that a regular login would allow the "Remember Me" to be ticked. Imagine a staff member, maybe on holiday, using a public computer to check the forum and forget to logout. The next visitor would have all Mod/Admin options open without login.
|
#5
|
|||
|
|||
Point taken, but is there not just as much risk of the browser remembering the credentials? I could do without the remember me feature. If I were to strip that, could it be possible?
--------------- Added [DATE]1205332301[/DATE] at [TIME]1205332301[/TIME] --------------- Plus from here on in, if you don't mind, let's only refer to the modcp. If a moderator does act as above, the worst that can happen to my knowledge is that their individual forum is corrupted. --------------- Added [DATE]1205332414[/DATE] at [TIME]1205332414[/TIME] --------------- And I should also, also add that this instance is behind a company firewall. So hopefully, there would be an element of trust involved if someone were to stumble across a machine in the above state. --------------- Added [DATE]1205405412[/DATE] at [TIME]1205405412[/TIME] --------------- Does anyone else have any thoughts on why we shouldn't have SSO between the main forum and the modcp if we're behind a firewall? |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|