[Typo3-dev] One usertable in TYPO3?
Mathias Schreiber [wmdb]
mathias.schreiber at wmdb.de
Wed Mar 23 14:39:09 CET 2005
Kasper Skårhøj wrote:
> But I will acknowledge that at times it makes sense and open the
> question; How can we best "emulate" a one-login scenario enabling both
> frontend and backend?
Implement a hook in the BE User Form like "Create FE User as well" or
"keep in Sync with FE Users".
Would work fine.
Drawbacks:
BE Users should be Masters while FE Users should be slaves.
means:
If a FE User changes his password, the PW will be independent from the
BE User PW.
Fix:
Keep it in sync both ways.
In this case there are certain fields in BE Users that have to be
isolated from being changed from elsewhere than the backend, because one
could trick FE USER AdminLib to gain Admin access.
Security Issues all over :-)
> I think someone has already made an extension that keeps the two tables
> in sync and also creates a session for both logins when a login is made
> in either frontend or backend. This approach seems to solve the issue
> right away, doesn't it?
or like this
> Another way to go could be to consider if eg. a backend login should be
> allowed to work in the frontend as well (so the frontend user tables are
> disabled).
hmm, interesting idea - seems simple to implement.
> Alternatively frontend users could work in the backend (which
> is much more complex and probably not the solution).
NOOOOOOOOOOOOOOOO.
Keep them OUT!
This might result in security issues and I personally like having the FE
users OUTSIDE of my backends.
--
No Subject - No Realname - No Service!
Respect the List/Newsgroup Rules!
>> http://typo3.org/1438.0.html <<
More information about the TYPO3-dev
mailing list