Authid usage :: Zikula Community :: Support at your fingertips

Get Zikula 1.3.3!New core, modules & more

Quick Links

Donate Today!Support your Software

Documentationlearn, share & develop

Watch

GitHub Core

Show your support for Zikula! Sign up at Github account and watch the Core project!

GitHub Modules

Forum Activity

internetking created topic »password problem« 25. May
mesteele101 responded to »ERR (3): E_USER_ERROR: Smarty error: [in pagesvar:pagesitem2en line XXX]…« 25. May
mazdev responded to »Pages 2.5.0 and updating - Page not found« 25. May
ehdwma created topic »Hide "Register new account" and change template to 3 col« 25. May
mesteele101 responded to »Zikula 1.3.3 - Selecting a category in Pages not working« 25. May
mdee created topic »How to implement returnpage ?« 25. May
nestormateo responded to »Fillters in Clip« 24. May

» Visit forum | » View latest posts

Zikula Blog

Anatomy of Open Source Projects on Mar 07
Continuous Review on Mar 01
Not Invented Here on Feb 24
How to Contribute Your Code at Github on Jan 13
10 Steps to Coding-Nirvana: Tips for Successful Module Writing on Nov 12
Submitting Bug Report Tickets That Get Results on Aug 17
Cozi Tricks #1: Syntax Highlighting on Aug 07

Authid usage

Print topic

**unknown user**

Rank: Registered User

Registered: Mar 16, 2002

Last visit: Dec 09, 2005

Posts: 4
Posted: Dec 06, 2005 - 12:18 PM

I some confusion about the reasoning behind the usage of authids.

As stated here:
http://forums.postnu…e=viewtopic&t=40653

Quote

The main reasons are all security related. When a form is secured using authid a user can't

1) The form can't be faked by inserting things into the get/post array.
2) The form is securedfrom flood protection - i.e. multiiple submissions of the form.

However if a database entries are permission checked, what's the point of the authid? Also stated in the post referenced above is the fact that the authid protections are easily bypassed. So all the authid really seem to do is annoy users when they try to use multiple tabs/windows to, for example, vote in 2 seperate polls. There should be no reason to limit the user to one tab only and us admins from using the back button to submit multiple similar articles, downloads, etc... without having to constantly hit reload.
Simon

Rank: Legend

Registered: Dec 11, 2002

Last visit: Oct 21, 2009

Posts: 11674
Posted: Dec 07, 2005 - 08:20 AM

Permissions don't protect you from the two points quoted above...

--
itbegins.co.uk - Zikula Consulting

birtwistle.me.uk - Personal Blog

Please read the Support Guide
**unknown user**

Rank: Registered User

Registered: Mar 16, 2002

Last visit: Dec 09, 2005

Posts: 4
Posted: Dec 07, 2005 - 11:49 AM

HammerHead
Permissions don't protect you from the two points quoted above...

Then is there a solution that provides those protections while also allowing users to use the back button, have multiple tabs opens, etc...
Slugger

Rank: Expert

Registered: Mar 11, 2003

Last visit: Oct 21, 2009

Posts: 1104
Posted: Dec 07, 2005 - 05:20 PM

As far as the back button is concerned: not withstanding the user who will use the browser's back button, think about your back button as a button to pass "forward" to the previous page.

Slugger
Simon

Rank: Legend

Registered: Dec 11, 2002

Last visit: Oct 21, 2009

Posts: 11674
Posted: Dec 07, 2005 - 07:23 PM

Quote

Then is there a solution that provides those protections while also allowing users to use the back button, have multiple tabs opens

Not using the back button, no. Concievably it might be possible to generate multiple keys to support multiple tabs, but then you lose a layer of security.

--
itbegins.co.uk - Zikula Consulting

birtwistle.me.uk - Personal Blog

Please read the Support Guide