Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Module ForumsModule ForumsForumForumVERY bad forum bug - security issue!VERY bad forum bug - security issue!
Previous
 
Next
New Post
9/2/2006 2:39 PM
 
timtimtimtimtim timtimtimtimtim

Joined: 11/20/2004
Posts: 358
"Anyone who is tab admin or site admin will be able to review all forums"

Yea, that is a BIG problem.  DotNetNuke was not created with just 1 portal in mind, most people use it with multiple portals.  One admin of PortalA should never be able to perform any special function for any module in PortalB.
 
New Post
9/2/2006 6:17 PM
 
Chris Paterra


Joined: 4/5/2003
Posts: 4377

Tim, you are correct that this is a problem. This was not my intent and to be honest I don't test this module on the multi-portal level and this needs to be something I do prior to the next release. (Which I will do). I am very well aware of how dnn is built and how it is normally used as well.

To give further information on this, if you really want to be technical, the default DNN Membership PRovider is just plain wrong. In my mind, and probably the majority of use cases, if DNN is being used as a multi-portal like most hosts would use it we have the following issues:

  • Users should never be able to have the same userid, no matter what portal. (Super Users do not count)
  • A username should only be unique per portal. This means portal A, has user1, portal B should have a completely diff user for user1 if he/she registers on that portal.
  • Ability for unique emails address per portal, not per install.

Since I can't change this globally (I can write my own provider but that isn't a global change for all dnn users) I have to plan the forums around this. Just to be clear on one thing again, Private Forums are still not affected by this. If you really want to get around this now, set all your forums to private and assign the roles per portal.

 

 

Chris Paterra

Get direct answers to your questions in the Community Exchange.
 
New Post
9/3/2006 12:57 AM
 
timtimtimtimtim timtimtimtimtim

Joined: 11/20/2004
Posts: 358
Crispy - You are 100% right on the fact that Users aren't really unique to each portal.  This is a pretty hot topic for those who run multiple portals.  We definitely see eye to eye on this

You know.. perhaps I can help you with the multi-portal usage of the forum module?  I have a new DNN install that has a *lot* of forums.  I just wiped my old install and am now using your forums.  I am adding about 50+ new parent portals per day, and nearly all of them use this forum module.

Perhaps I can help test things out or give you some feedback?  Since I have hundreds of people asking me for feedback/questions/etc, perhaps I can summarize and communicate it to you?

If this sounds interesting, please let me know!  timgt (at) hotmail.com is my email address.

Thanks!
 
 Page 3 of 3
Previous123 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Module ForumsModule ForumsForumForumVERY bad forum bug - security issue!VERY bad forum bug - security issue!


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out