[TYPO3-core] Gremlin #1573: Admin user is logged out on testingbeuser settings
Martin Kutschker
Martin.Kutschker at blackbox.net
Sun Nov 6 21:37:36 CET 2005
Michael Stucki <michael at typo3.org> writes on
Sun, 06 Nov 2005 20:31:58 +0100 (MET):
> I've seen this nicely working on Sebastian's computer. I think the
> only problem with this could be that an admin might visit a user's
> computer to change some setting, test it, and forget to switch back
> to after this. So the user is now logged in as himself, but as soon
> as he presses the logout button, he will be back in the Admin
> session!
>
> Therefore, Sebastian has added some kind of highlighting to the
> logout button.
To protect it even more, a checkbox could be placed in the user module, so that the switch-back feature must be enabled manually.
> With this change, I don't see this very nice change as a big risk,
Can the feature be a point of an attack? Yes, if a non-admin TYPO3 user or any DB-user directly somehow manages to manipulate the session table.
Masi