Home General support

Weak master password protection

steffen Member
in General support
If the main gallery is protected by a master password, the search dialog is still working, even if the visitor does not input anything. I recently modified the index.php of the standard theme to show a tag cloud (printAllTagsAs). Each visitor can click on the tags and it works, even if he did not input a password. Those functions should be disabled until the user input the correct password. Why you don't handle all the password stuff within the htaccess file(s)?

Comments

  • sbillard Member
    The search dialogs are protected by their own password.
  • steffen Member
    For me it makes no sense to have a master password for the gallery, but let the search dialog open to everyone. The master password should protect everything.
  • sbillard Member
    Agreed. We will add the master password in the Serach page validation path.

    Should make it into tonight's build.
  • steffen Member
    Sorry for writing you again, but what about the rss links? They are still working, even without a password...
  • durango99 Member
    I'd also add that RSS and archive view/search bypass the password.

    Thanks!
  • acrylian Administrator, Developer
    We know that and we are working on it.
  • sbillard Member
    durango99:

    What do you mean by archive view/search bypassing the password? Are you running the 1.1.3 release or the nightly build?
  • durango99 Member
    Hi sbillard, I'm still using the 1.1.3 version. I'll assume that I should test out with the nightly build instead :) I'll try it out tonight. Thanks for your work and time (and time to comment)!
  • sbillard Member
    Yes, passwords had several problems in the base release. But, you should know that if you allow search (no password on search or on the gallery) search will return thumbs of protected items. That is by design. Clicking on the thumb will get you to the protection login.
Sign In or Register to comment.