[SOLVED] cb invites security
- mark102
- OFFLINE
-
Junior Member
- Posts: 29
- Thanks: 0
- Karma: 0
12 years 9 months ago - 12 years 9 months ago #170347
by mark102
[SOLVED] cb invites security was created by mark102
Hi,
isn't possibile to force the ID owner field as read only or to hide it completely?
When I compose an invite is possible to edit the owner ID so that the invitation is sent as I was another user (which corresponds with ID owner). I don't think it is a good purpose for security reason.
Can you help me with it, please ?
isn't possibile to force the ID owner field as read only or to hide it completely?
When I compose an invite is possible to edit the owner ID so that the invitation is sent as I was another user (which corresponds with ID owner). I don't think it is a good purpose for security reason.
Can you help me with it, please ?
Last edit: 12 years 9 months ago by krileon.
Please Log in to join the conversation.
krileon
Team Member- OFFLINE
- Posts: 68587
- Thanks: 9104
- Karma: 1434
12 years 9 months ago #170407
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Re: cb invites security
Owner ID is only presented to the user if they're a Moderator. Standard users have zero access to Owner ID. If they try to edit the POST data and send Owner ID then PHP won't allow it. It's secured perfectly fine; you're welcome to review source.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Please Log in to join the conversation.
- mark102
- OFFLINE
-
Junior Member
- Posts: 29
- Thanks: 0
- Karma: 0
12 years 9 months ago #170412
by mark102
Replied by mark102 on topic Re: cb invites security
I expected the answer was this! very well! Regards.
Please Log in to join the conversation.
Moderators: beat, nant, krileon
Time to create page: 0.162 seconds
-
You are here:
- Home
- Forums
- Support and Presales
- Professional Members Support
- [SOLVED] cb invites security