bwyatt Posted November 2, 2005 Posted November 2, 2005 In a future release, isnt it possible to have cookie login for the Admin CP. I am sure you can just borrow it from the member cookie login system?
Ipstenu Posted November 2, 2005 Posted November 2, 2005 Would you really want this? That means that if someone used your computer while you were logged into the board, they could trash it.
UBERHOST.NET Posted November 2, 2005 Posted November 2, 2005 Would you really want this? That means that if someone used your computer while you were logged into the board, they could trash it. Yep, and I have a clever little Yorkshire Terrier who's capable of carrying such a plan.
Ipstenu Posted November 2, 2005 Posted November 2, 2005 Hey, it's a really obvious security hole for anyone who admins their board from a shared computer. Sure, for a lot of people it's meaningless, but that sort of simple security check is a standard. Reentering a password when going to high-level administration is something a lot of web-managed code does, and it's beneficial in a business setting.
bfarber Posted November 2, 2005 Posted November 2, 2005 Cookie login for the ACP is not a very good idea, and I doubt it will be introduced into IPB in the near future. ;)
bwyatt Posted November 8, 2005 Posted November 8, 2005 Well, I meant have the option. "Remember Me" just like the member log in.
.SiLlY. Posted November 8, 2005 Posted November 8, 2005 Yep, and I have a clever little Yorkshire Terrier who's capable of carrying such a plan. lmao.. sometimes i wonder if my boxer is capable of such mischief. Strange things happen to my PC. lol
Coastie Posted November 8, 2005 Posted November 8, 2005 why does the ACP **ALWAYS* show this upon login??No administration session found I have never not seen that from any forum, and from any computer.
Ankit Posted November 9, 2005 Posted November 9, 2005 Yep, it's pretty annoying. At least have it as a checkbox option so we can use our own discretion. I'm pretty sure IPB is the only major BB software without this option.
bfarber Posted November 9, 2005 Posted November 9, 2005 Well, it's a security issue plan and simple. If someone hijacks your cookies (which has happened to users in the past), they could get into your ACP if it was cookie-enabled. Since you have to re-enter your password however, they cannot. What about other admins on your site? You might think you know them, but not everyone might be as security minded as yourself, or perhaps they might have room-mates, or friends or something that are mischeivous. For the 10 seconds it takes to login, I don't see any *advantages* to having cookie-enabled auto-login to the ACP. It creates an unnecessary security hole, and then when someone's site gets "hacked" because of it, then we would be at fault in their eyes for introducing the security hole.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.