Posted by david on 14 February 2012 at 4:53 am
Last night I did an audit of the privileges, compared to the ones used in apps. It appears some of the privileges didn't make it into the app install processes. One of those, which I spent half an hour trying to figure out, was user registration. I was working on the dashboard and couldn't figure out why it wasn't displaying a login/register form when a guest user visited the dashboard. Guests didn't have the privilege of logging in or registering. I fixed it in the database and decided to audit the other apps for privileges. I made a note of all of the missing privileges and wrote a temporary routine into the security app to log queries of privileges that do not exist.


Log in to comment

No comments yet!