Last post Apr 22, 2005 06:32 PM by MoriartyX
Apr 22, 2005 06:32 PM|MoriartyX|LINK
Just curious if anyone has identified the role security issues in the portal starter and if they have been addressed and I just need an update.
1) If you create a role and later delete it, and later add a role with the same name, the "new" role gets all of the security rights of the old role.
2) If you change the name of a role, it looses all rights. If you later create a new role with the same name, it gains all these rights of the supposed deleted role.
3) It's possible to create two roles with the same name.
These problems stem from the fact the configuration scheme using role names instead of IDs in storage. I was looking for the original ibuyspy portal because I believe it stored this information in a DB and I feel it would be easier to work with.