Public Forums 71,145 posts

[cgc0202 Friend cgc0202Join date: August 2007Posts: 2244Downloads:0Uploads:3 Thanks: 206 Thanked: 262 times in 1 posts]

#150741

If a section or category is marked “registered” or “special”, but the article itself is marked “public” (default), the article will not show up, as expected. However, the default Joomla “Registration/Login” module will show up — even if the default Joomla “Registration/Login” module was disabled.

This can become a security risk in any Joomla site because the default Joomla “Registration/Login” module does not allow administrator screening of registration requests.

The aforementioned should not be a problem, if the it was the Community Builder (CB) Registration/Login module — which was also installed in place of the default Joomla “Registration/Login” module — that appears in the aforementioned situation

CGC

[John Wesley Brett Moderator John Wesley BrettJoin date: July 2013Posts: 2142Downloads:17Uploads:26 Thanks: 175 Thanked: 645 times in 426 posts]

#342130

<em>@cgc0202 176693 wrote:</em><blockquote>If a section or category is marked “registered” or “special”, but the article itself is marked “public” (default), the article will not show up, as expected. </blockquote>

First of all…the issue concerning the login issue has been addressed in your other post.

As for this one you are confusing the hiearchy of Joomla.
From top to bottom it is:
SECTIONS
CATEGORIES
ARTICLES

Therefore, whatever settings are set for SECTIONS will always override those of the CATEGORIES and ARTICLES attached to it.

So if you want the article to show…you would need to make the category and/or section its attached to public as well. You would do better to only set SECTIONS OR CATEGORIES as Registered or Special if ALL of the items below it should be seen only by those Registered or Special users.

Hope this helps.
John.

[cgc0202 Friend cgc0202Join date: August 2007Posts: 2244Downloads:0Uploads:3 Thanks: 206 Thanked: 262 times in 1 posts]

#342145

<em>@jbrett 176762 wrote:</em><blockquote>First of all…the issue concerning the login issue has been addressed in your other post.

As for this one you are confusing the hiearchy of Joomla.
From top to bottom it is:
SECTIONS
CATEGORIES
ARTICLES

Therefore, whatever settings are set for SECTIONS will always override those of the CATEGORIES and ARTICLES attached to it.

So if you want the article to show…you would need to make the category and/or section its attached to public as well. You would do better to only set SECTIONS OR CATEGORIES as Registered or Special if ALL of the items below it should be seen only by those Registered or Special users.

Hope this helps.
John.</blockquote>

Thanks John,

That is exactly what I am doing. I only set the Section or Category to the highest level of access that I want — Registered or Special. Otherwise, the default would be Public.

That is not the problem, if you read my post.

The problem is that if the article has an access level more lax than the access level of the Section or Category:

[SCENARIO]

Article => Public
Category => Public
Section => Registered

As I expected, and as you confirmed, the Article will not appear also. That is what I want, also, as you explained.

So, that itself is not the problem.

The problem is that the default Joomla Registration/Login module automatically appears.

Why is this a problem?

I disabled the default Joomla Registration/Login module because what I wanted to appear is the Community Builder (CB) Registration/Login module (that I installed as a replacement for the default Joomla Registration/Login).

What is the security advantage?

Because the CB Registration/Login module would require that the visitor, if not yet registered, will register (to be able to login) and read the article. And more important, I set as a pre-condition for the CB Registration/Login module that the visitor, if (s)he is to register must provide the following:

[First Stage Registration Screening]

the randomly generated Security Code (captcha)
legitimate email (see next)
respond to the email sent automatically

if the visitor is not able to any of the above, then it is likely to be a spam (bot) registration, and will not go through..

Further, even if the visitor was able to satisfy the above three requirements, there is another screening:

[Second Stage Registration Screening]

As a further security precaution, the webmaster must approve the registration. This additonal security measure will screen those potential registrants that satified the first stage screening.

[Third Stage Registration Screening]

If the visitor was approved, (s)he will be a registered user. As an added security measure, a registered user must be able to provide the randomly generated Security Code in the CB Login module — to access the article.

The above security precautions are not features in the default Joomla Registration/Login module. With the latter, one can register using an incorrect email address, and be able to access any article that are marked “Registered” immediately. This is the reason why the appearance of the default Joomla Registration/Login module — in the scenario described above — is a big security problrem.

Does anyone know a socultion?

CGC

[Saguaros Moderator SaguarosJoin date: September 2014Posts: 31405Downloads:237Uploads:471 Thanks: 845 Thanked: 5346 times in 4964 posts]

#343275

Dear cgc0202!

I’m sorry, i could not help you in this case 🙁

[Saguaros Moderator SaguarosJoin date: September 2014Posts: 31405Downloads:237Uploads:471 Thanks: 845 Thanked: 5346 times in 4964 posts]

#343276

Dear cgc0202!

I’m sorry, i could not help you in this case 🙁

[cgc0202 Friend cgc0202Join date: August 2007Posts: 2244Downloads:0Uploads:3 Thanks: 206 Thanked: 262 times in 1 posts]

#343282

<em>@tienhc 178181 wrote:</em><blockquote>Dear cgc0202!

I’m sorry, i could not help you in this case :(</blockquote>

Thanks tienhc,

I may try Joomla or Joomlapolis when I get a chance. Just too busy right now.

Cornelio

[Author]

Posts