Jump to content

Admin CP Cookies


Guest bwyatt

Recommended Posts

Posted

In a future release, isnt it possible to have cookie login for the Admin CP. I am sure you can just borrow it from the member cookie login system?

Posted

Would you really want this? That means that if someone used your computer while you were logged into the board, they could trash it.


Yep, and I have a clever little Yorkshire Terrier who's capable of carrying such a plan. 1dog7mh.gif
Posted

Hey, it's a really obvious security hole for anyone who admins their board from a shared computer. Sure, for a lot of people it's meaningless, but that sort of simple security check is a standard. Reentering a password when going to high-level administration is something a lot of web-managed code does, and it's beneficial in a business setting.

Posted

Yep, and I have a clever little Yorkshire Terrier who's capable of carrying such a plan.

1dog7mh.gif

lmao.. sometimes i wonder if my boxer is capable of such mischief. Strange things happen to my PC. lol
Posted

Yep, it's pretty annoying. At least have it as a checkbox option so we can use our own discretion. I'm pretty sure IPB is the only major BB software without this option.

Posted

Well, it's a security issue plan and simple.
If someone hijacks your cookies (which has happened to users in the past), they could get into your ACP if it was cookie-enabled. Since you have to re-enter your password however, they cannot.

What about other admins on your site? You might think you know them, but not everyone might be as security minded as yourself, or perhaps they might have room-mates, or friends or something that are mischeivous.

For the 10 seconds it takes to login, I don't see any *advantages* to having cookie-enabled auto-login to the ACP. It creates an unnecessary security hole, and then when someone's site gets "hacked" because of it, then we would be at fault in their eyes for introducing the security hole.

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...