Re: [webmin-devel] A litle security fix

Thanks for the fix - I'm not sure why I didn't implement it this way in
the first place! I have incorporated it into the main Webmin codebase,
but with a small change to add backwards compatability so that existing
host-based ACLs still work.

 - Jamie

On Thu, 2004-05-13 at 07:16, Hernando Furlan wrote:
> Hi Jamie,
> 
> I was a problem when using "Webmin Servers Index" with many remote
> servers with same IP address and diferent users ACLs.
> 
> Default ACLs uses the IP addresses to Index Servers and to check users
> permissions. IE: You have "root" and "admin" users. You want to give
> access to 192.168.0.27 to root but not admin. You set ACLs to root and
> not admin but admin gains access because permissions are checked against
> the server IP address. I changed this to check by ID that found in
> servers index (I think it is a time perl function) and I solved this
> issue.
> 
> Look the files yourself.
> 
> Best regards,



-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
-
Forwarded by the Webmin development list at webmin-devel@xxxxxxxxxx
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-devel