Zikula: A Flexible Open Source Content Management System
Authid usage
  • Posted: 07.12.2005, 05:18
     
    billthefish
    I have some confusion about the reasoning behind the usage of authids.

    As stated here:
    http://forums.postnu…e=viewtopic&t=40653

    Quote


    The main reasons are all security related. When a form is secured using authid a user can't

    1) The form can't be faked by inserting things into the get/post array.
    2) The form is secured from flood protection - i.e. multiple submissions of the form.


    However if database entries are permission checked, what's the point of the authid? Also stated in the post referenced above is the fact that the authid protections are easily bypassed. So all the authid really seems to do is annoy users when they try to use multiple tabs/windows to, for example, vote in 2 separate polls. There should be no reason to limit the user to one tab only and us admins from using the back button to submit multiple similar articles, downloads, etc... without having to constantly hit reload.
  • Posted: 08.12.2005, 01:20
     
    Simon
    Permissions don't protect you from the two points quoted above...

    --
    Regards,
    Simon

    itbegins.co.uk - Zikula Consulting

    Please read the Support Guide
  • Posted: 08.12.2005, 04:49
     
    billthefish

    HammerHead

    Permissions don't protect you from the two points quoted above...


    Then is there a solution that provides those protections while also allowing users to use the back button, have multiple tabs open, etc...
  • Posted: 08.12.2005, 10:20
     
    Slugger
    As far as the back button is concerned: notwithstanding the user who will use the browser's back button, think about your back button as a button to pass "forward" to the previous page. :wink:

    Slugger
  • Posted: 08.12.2005, 12:23
     
    Simon

    Quote


    Then is there a solution that provides those protections while also allowing users to use the back button, have multiple tabs open


    Not using the back button, no. Conceivably it might be possible to generate multiple keys to support multiple tabs, but then you lose a layer of security.

    --
    Regards,
    Simon

    itbegins.co.uk - Zikula Consulting

    Please read the Support Guide
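
The "multiple keys" idea raised in the last reply, sketched as an added example (not Zikula or PostNuke code, and not written by anyone in this thread): every rendered form gets its own single-use token from a bounded per-session pool, so two tabs can each submit once while a forged or replayed token is refused. The function names, the pool cap and the token lifetime are assumptions, and `$session` stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added illustration only; names and limits below are assumptions.
const MAX_OUTSTANDING = 5;    // assumed cap on unsubmitted forms per session
const TOKEN_TTL       = 1200; // assumed token lifetime in seconds

// Called when a form is rendered: returns a fresh token for that form.
function issue_token(array &$session, int $now): string
{
    // Drop tokens that have outlived their lifetime.
    $pool = array_filter(
        $session['form_tokens'] ?? [],
        fn($issued) => $now - $issued < TOKEN_TTL
    );
    // Evict the oldest tokens so the pool never exceeds the cap.
    while (count($pool) >= MAX_OUTSTANDING) {
        unset($pool[array_key_first($pool)]);
    }
    $token = bin2hex(random_bytes(32)); // unguessable, from the CSPRNG
    $pool[$token] = $now;
    $session['form_tokens'] = $pool;
    return $token;
}

// Called when a form is submitted: a token is accepted at most once.
function consume_token(array &$session, string $submitted, int $now): bool
{
    foreach ($session['form_tokens'] ?? [] as $token => $issued) {
        if (hash_equals((string) $token, $submitted)) {
            unset($session['form_tokens'][$token]); // burn it, even if expired
            return $now - $issued < TOKEN_TTL;
        }
    }
    return false; // unknown, forged, evicted or already used
}

// Constructed walk-through with fixed timestamps.
$session = [];
$tabA = issue_token($session, 1000); // poll opened in tab A
$tabB = issue_token($session, 1001); // second poll opened in tab B
$cases = [
    'tab B submits before tab A'      => consume_token($session, $tabB, 1010),
    'tab A submits afterwards'        => consume_token($session, $tabA, 1020),
    'tab A resubmitted via back'      => consume_token($session, $tabA, 1030),
    'token never issued by the site'  => consume_token($session, 'forged', 1030),
];
foreach ($cases as $label => $accepted) {
    printf("%-32s %s\n", $label, $accepted ? 'accepted' : 'rejected');
}
```

Every token in the pool is a value the server will accept, which is why the sketch caps the pool and expires entries; a single-key scheme keeps exactly one such value alive at a time.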
