[kwlug-disc] Your KWLUG web site account is at risk

Paul Nijjar paul_nijjar at yahoo.ca
Wed Jan 19 17:43:38 EST 2011


On Wed, Jan 19, 2011 at 04:11:56PM -0500, Chris Irwin wrote:
> On Wed, Jan 19, 2011 at 15:30, John Van Ostrand <john at netdirect.ca> wrote:
> > If you haven't logged in lately do so here http://kwlug.org/user
> 
> I've logged in to my account! I've logged in!
> 
> > If you've forgotten your password, follow the appropriate link and re-enable it.
> 
> I had to use the one-time-login from the site. I don't seem to be able
> to find a way to reset my password (the 'edit' tab is empty).
> 
> Also, I have an 'Administer' link on the left-side menu. It lets me
> see comments site-wide, but also looks like it will let me edit &
> delete them (I didn't try). I can also see spam (I might be able to
> approve, but I didn't test). I can also see logs. I probably should
> not have permission to the section at all.

I have removed the following permissions for members:

system module -> access administration pages
spam module -> administer spam
comment module -> administer comments

Could you see whether this has restricted your administrative powers
appropriately?

After the upgrade these issues may revert, so you maybe should check
again.

- Paul

-- 
http://pnijjar.freeshell.org 



More information about the kwlug-disc_kwlug.org mailing list