[kwlug-disc] Your KWLUG web site account is at risk
Paul Nijjar
paul_nijjar at yahoo.ca
Wed Jan 19 17:43:38 EST 2011
On Wed, Jan 19, 2011 at 04:11:56PM -0500, Chris Irwin wrote:
> On Wed, Jan 19, 2011 at 15:30, John Van Ostrand <john at netdirect.ca> wrote:
> > If you haven't logged in lately do so here http://kwlug.org/user
>
> I've logged in to my account! I've logged in!
>
> > If you've forgotten your password, follow the appropriate link and re-enable it.
>
> I had to use the one-time-login from the site. I don't seem to be able
> to find a way to reset my password (the 'edit' tab is empty).
>
> Also, I have an 'Administer' link on the left-side menu. It lets me
> see comments site-wide, but also looks like it will let me edit &
> delete them (I didn't try). I can also see spam (I might be able to
> approve, but I didn't test). I can also see logs. I probably should
> not have permission to the section at all.
I have removed the following permissions for members:
system module -> access administration pages
spam module -> administer spam
comment module -> administer comments
Could you see whether this has restricted your administrative powers
appropriately?
After the upgrade these issues may revert, so you maybe should check
again.
- Paul
--
http://pnijjar.freeshell.org
More information about the kwlug-disc
mailing list