Re: Q Restriction on Web bug?
By: Dumas Walker to All on Thu Dec 05 2024 11:01 am
> If a Q restricted user logs into the bbs via telnet, SSH, etc., they are
> only shown the QWK menu and if they choose to "quit back to the BBS," the
> system immediately logs them off. The Q-restricted account cannot access
> any message areas, or anything else on the system.
A Q-restricted account actually can perform a "normal" login by prepending a '*'
to their login-id.
> If a Q restricted user logs onto the web interface (both the older "runes"
> or the newer ecweb), they are able to access message areas and even post
> using their QWK ID.
>
> I would call this a "bug" since it is allowing the web interface to act in a
> different (and unintended) manner from the terminal interface, but I am also
> guessing there is some way that I can add something to an existing INI file
> to prevent this behavior?
You can set SCFG->Servers->Web Server->Login Requirements (in v3.20a) to "REST N
OT Q" and then Q-restricted users won't be able to authenticate with the web ser
ver. There's probably other ways to limit access to (e.g. webctrl.ini files and
maybe something ecWeb-specific), but that's a true brute-force way.
--
digital man (rob)
Synchronet "Real Fact" #80:
85 SBBSecho registrations were sold (at $49) between 1994 and 1996
Norco, CA WX: 69.2°F, 49.0% humidity, 1 mph WNW wind, 0.01 inches rain/24hrs
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
|
