41
mpowell
Re: Auto login
  • 2004/3/15 16:29

  • mpowell

  • Friend of XOOPS

  • Posts: 119

  • Since: 2004/2/10


OK. Thanks I will change the time and leave session off and see how it works.

mpowell

42
mvandam
Re: Auto login
  • 2004/3/15 18:52

  • mvandam

  • Quite a regular

  • Posts: 253

  • Since: 2003/2/7 2


Quote:

Just curious where you get this auto login module i never actually used it as i heard many things about it had security flaws and could enable a user to take over ur site is this been fixed suppose it would have by now.

I think we've already discussed this in a couple of other threads . Auto-login FUNDAMENTALLY (not just with Xoops) carries some security risk. For example if someone else uses your computer and you forget to log out, then they will have your privileges on an XOOPS site. Another risk is that cookies can be "stolen" via e.g. javascript techniques (if any modules or blocks with XSS vulnerabilities are installed), and the 'thief' can then log on as the person from which the cookie is stolen. Generally, it is advised NOT to select "remember me" if you are an administrator/moderator/privileged user.

The "remember me" feature is INHERENTLY risky. As a webmaster, you weigh the risks:
- how likely is your site to be victim of attack?
- how sensitive is your data?
- how valuable is your data to you? Do you make regular backups?
- can your admins be trusted to NOT use auto-login?
- how important is it to your users to support this feature?
- many many sites offer this feature without incident
- etc.

43
alitan
Re: Auto login
  • 2004/3/20 5:11

  • alitan

  • Quite a regular

  • Posts: 399

  • Since: 2004/3/14


i have tried lots of auto log in modules but when i upload them in my ftp , my site will go and some binary codes come instead of my website main page , and i cant enter to website , my XOOPS version is 2.0.6

44
alitan
Re: Auto login
  • 2004/3/20 15:48

  • alitan

  • Quite a regular

  • Posts: 399

  • Since: 2004/3/14


any help???????????

45
Dave_L
Re: Auto login
  • 2004/3/20 16:03

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7



46
alitan
Re: Auto login
  • 2004/3/21 6:09

  • alitan

  • Quite a regular

  • Posts: 399

  • Since: 2004/3/14


yes i followed them of course

47
alitan
Re: Auto login
  • 2004/3/21 6:11

  • alitan

  • Quite a regular

  • Posts: 399

  • Since: 2004/3/14


yes i followed them of course

Login

Who's Online

221 user(s) are online (162 user(s) are browsing Support Forums)


Members: 0


Guests: 221


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jun 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits