The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Let's discuss cloaking, backups, and super administrators
#1
Security and convenience are often at odds with each other and that's the line we often walk when developing something like userspice. How do we give you access to the features you want and protect you from accidentally opening up your system to problems.

Right now there is a variable (array) declared in init.php called $master_account. Why would we use a hard coded variable? To be honest, I want it to be intentionally difficult to give someone this sort of power.

The fact is, you can override this variable in a lot of different ways. Since it's called in init, you can even generate this array in your own header based on permission levels or whatever you want.

Currently this system affects 3 things:
1. The ability to override maintenance mode.
2. The ability to cloak into another user.
3. The ability to manage backups, which includes fully exporting source code and databases.

Thoughts?
  Reply
#2
There's also a little hotfix to fix the horizontal scrollbar on admin.php compliments of user @muhammedc

https://pastebin.com/F7P2FxPq
  Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)