search button overrides some security

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

This is the place to report bugs and get support

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

  • What operating system were you running when the bug appeared?
  • What database platform is your site using?
  • What version of mojoPortal are you running?
  • What version of .NET do you use?
  • What steps are necessary to reproduce the issue? Compare expected results vs actual results.
Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum.
This thread is closed to new posts. You must sign in to post in the forums.
5/30/2012 4:48:24 AM
mic.ciotti@live.com
Gravatar
Total Posts 122
View Posts

search button overrides some security

Hi, running 2385 asp 4 sql 2008 fulltrust

I've sites where the root menu pages are all configured as access for only authenticated users

Correctly, when i hit www....., it displays me the logon page

but if i click search button (top menu), put in some existing text.... it shows me results and i can click on them and navigate in the site

hope this tip helps.. or is there a setting not done ?

best regards in advance

Michele (Rome)

5/30/2012 11:02:54 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: search button overrides some security

Hi,

Whenever the page view roles are changed the page must be re-indexed in the search index. We store the page view roles also in the search index in order to filter out results that a user has no permissions for. Based on your other forum posts I would say that your index was not working due to file system permission problems and now you need to rebuild the search index to make it in sync with current permissions.

However, even if the search results showed a link to a protected page the user would not be able to visit the page unless he is in an allowed view role. The search index has no control over page security and whether you click a link or manually type in an url does not make a difference the page security will be applied. I cannot reproduce any problem that allows access to view a page that the user is not in an allowed view role for. The only thing I can think of where that would be possible is if you have the page configured to allow browser caching and if the user visited the page before you changed the view roles then he may be able to view the copy of the page from his browser cache.

Hope that helps,

Joe

5/30/2012 11:31:16 AM
Jamie E
Gravatar
Total Posts 1203
View Posts
Proud member of the mojoPortal team

Help support mojoPortal!
Add-on modules

Re: search button overrides some security

You mentioned that your root level pages are secure.

When you create a new page, that page's security settings will inherit from the parent page. But if you set the parent page security after child pages already exist, then the parent page will be protected but not the child pages.

If you want the entire site to be protected, you should set the appropriate page security on every page, not just the root pages.

Jamie

5/31/2012 3:34:29 AM
mic.ciotti@live.com
Gravatar
Total Posts 122
View Posts

Re: search button overrides some security

thank you so much for your suggestions...

what I do love in mojoportal is not only the CMS, but also Joe and the Community who really helps promptly when I heve problems or simply doubts

Really, Thank you so much !!
Michele (from Rome)

You must sign in to post in the forums. This thread is closed to new posts.