Geeklog The Ultimate Weblog System
Welcome to Geeklog
Friday, May 16 2008 @ 01:35 AM EDT
   

Security Fix!

There is a small but nasty security bug in fresh installations of Geeklog 1.3. It only pertains to fresh installations of Geeklog 1.3. It turns out that the data shipped with a fresh installation includes one orphaned group_assignments record with a user ID of 13, while Geeklog's user table on a fresh installation only has 12 users. So the first user who creates an account is given uid 13 and has access to the GroupAdmin Group and, subsequently, the UserAdmin Group.

If you have already installed a fresh version of Geeklog 1.3, then you need to edit the user with a uid of 13. To find that user, run "SELECT username FROM users WHERE uid = 13" in your favorite MySQL editor. Then, on the admin/users.php page, edit that user and uncheck both the GroupAdmin Group AND the UserAdmin Group, and be sure to leave the Normal User and Logged-in User boxes checked.

Thanks to whoever posted that nasty on our SourceForge site.
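
The orphaned-record problem described above, reproduced and detected on a toy database. This is an added example, not Geeklog's own code. It assumes a simplified schema in SQLite (the column names in group_assignments, the seed usernames and the helper functions are all hypothetical), and the cleanup helper is an extra pre-signup step, not the remedy given in the post.

```python
import sqlite3

def build_fresh_install():
    """Constructed stand-in for a fresh install: 12 seeded users, one stray row for uid 13."""
    db = sqlite3.connect(":memory:")
    # Simplified, assumed schema; only the table names and users.uid/username come from the page.
    db.executescript("""
        CREATE TABLE users (uid INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT);
        CREATE TABLE group_assignments (uid INTEGER, grp_name TEXT);
    """)
    db.executemany("INSERT INTO users (username) VALUES (?)",
                   [(f"seed{i}",) for i in range(1, 13)])
    rows = [(u, "Logged-in User") for u in range(1, 13)] + [(13, "GroupAdmin")]
    db.executemany("INSERT INTO group_assignments VALUES (?, ?)", rows)
    return db

def orphaned_assignments(db):
    """Assignments whose uid has no users row (what a foreign key would have rejected)."""
    return db.execute("""
        SELECT ga.uid, ga.grp_name
        FROM group_assignments ga LEFT JOIN users u ON u.uid = ga.uid
        WHERE u.uid IS NULL ORDER BY ga.uid""").fetchall()

def register(db, username):
    """Create an account: next auto-increment uid plus the default groups."""
    uid = db.execute("INSERT INTO users (username) VALUES (?)", (username,)).lastrowid
    db.executemany("INSERT INTO group_assignments VALUES (?, ?)",
                   [(uid, "Normal User"), (uid, "Logged-in User")])
    return uid

def groups_of(db, uid):
    rows = db.execute("SELECT grp_name FROM group_assignments WHERE uid = ?", (uid,))
    return sorted(r[0] for r in rows)

def remove_orphans(db):
    """Pre-signup cleanup (an added step, not the page's remedy); returns rows deleted."""
    cur = db.execute("DELETE FROM group_assignments WHERE uid NOT IN (SELECT uid FROM users)")
    return cur.rowcount

if __name__ == "__main__":
    db = build_fresh_install()
    print("orphans:", orphaned_assignments(db))
    uid = register(db, "first_signup")
    print("uid", uid, "groups:", groups_of(db, uid))
```

Once uid 13 exists the orphan query returns nothing, so it only catches the problem before the first signup; after that, the check is the group membership of uid 13 itself.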

mmmm, foreign keys
Authored by: Anonymous on Friday, January 04 2002 @ 11:30 AM EST
NT
mmmm, foreign keys
Authored by: Tony on Friday, January 04 2002 @ 11:53 AM EST
To the wonderful people at MySQL.

I know it is a little late but I would really like support for foreign keys in the next release of MySQL for my Christmas present.

This is another reason I should get my sh*t together and get the abstract database layer working 100%. Then we could use PostgreSQL if we wanted.