User Authentication Setup
David Lloyd
lloy0076 at rebel.net.au
Tue Jul 10 22:14:52 PDT 2001
Hi There!
I've managed to get Freeside running, however I have an issue:
If I have an agent "basic agent", how does one stop "basic agent" from
fiddling with the administration settings?
- running a separate page without those settings on doesn't seem secure
enough to me
(i.e. I could authenticate as the real user, setup a trojan freeside
on my own web servers and so on...)
- specifically, it looks as though once a user is authenticated they
have full administration rights; a clerk at the desk, for example, could
invent an unlimited download plan with no costs with the click of a few
buttons
DSL
--
"The greatest thing you'll ever learn is
just to love and to be loved in return."
- David Bowie (Nature Boy from Moulin Rouge)
More information about the freeside-users
mailing list