#11273 Forbid front-end Super Administrator login

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by user58348 on Tuesday, 28 February 2012 02:53 CST

user58348
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes (configure manual)
Joomla! version: 1.5.24
PHP version: unknown
MySQL version: unknown
Host: Strato
Admin Tools version: latest

Description of my issue:

In Configure WAF I have set "Forbid front-end Super Administrator login" to YES. However, even normal Administrators are not allowed to log in on the front page, not only the Super Administrator. Is this intended behaviour?

Netzy

nicholas
Akeeba Staff
Manager
Hi Netzy,

You are right, this is a bug ever since this feature was included in Admin Tools. You are the first to notice that in the last 18 months :) I will add a workaround in the next version of Admin Tools.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user58348
Hi Nicholas,

"You are the first to notice that in the last 18 months :)"

I am not the fittest when it comes to coding, but very attentive ;-)

BACKGROUND: I need this feature, because some of the contents on the front-end are only visible to administrators.

Thank you in advance

Netzy

nicholas
Akeeba Staff
Manager
It will be included in version 2.0.1. Meanwhile you can download and install dev release rev0849E89 which I just uploaded. It may take a few minutes before it shows on the download page.

Nicholas K. Dionysopoulos

Lead Developer and Director


user58348
Wow, you are faster than light ;-) and the dev release is working well!

Thank you very much!

PROPOSAL: If someone tries to log in as Super Administrator at the front-end, a 403-ERROR appears. I think it would be smoother if the user were redirected to the front page instead.

Netzy

nicholas
Akeeba Staff
Manager
Hi Netzy,

No, the 403 is much better. A redirection to the front page would result in Joomla! performing the log-in if the attacker guessed the password correctly, as the cookie would be set prior to the redirection. The 403 leads to the cookie not being set, therefore the attacker cannot know if he has guessed the correct password. Obscuring this information (feedback on guessing the SA password) is the reason for the existence of this feature.

Nicholas K. Dionysopoulos

Lead Developer and Director


user58348
OK, you are the expert ;-)

Thanks

Netzy
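
The reasoning in the staff reply above (a 403 issued before any cookie is set gives no feedback on a password guess, while a redirect after log-in does) can be checked with a small model. This is an added example, not Admin Tools or Joomla! code; the handlers, accounts, cookie value and the assumption that the group check runs before the password is evaluated are all constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field

# Constructed accounts for the demonstration; not real credentials.
USERS = {
    "root": {"group": "Super Administrator", "password": "correct-horse"},
    "alice": {"group": "Administrator", "password": "battery-staple"},
}
SESSION = "session=constructed-id"  # placeholder cookie value


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)


def password_ok(username, password):
    user = USERS.get(username)
    return user is not None and hmac.compare_digest(
        user["password"].encode(), password.encode())


def login_then_redirect(username, password):
    """Proposal from the thread: log in, then redirect to the front page."""
    if not password_ok(username, password):
        return Response(303, {"Location": "/login"})
    # The session cookie is issued before the redirect is followed.
    return Response(303, {"Location": "/", "Set-Cookie": SESSION})


def login_with_403(username, password):
    """Assumed model of the 403 behaviour: refuse before any session exists."""
    user = USERS.get(username)
    if user and user["group"] == "Super Administrator":
        return Response(403)  # identical for right and wrong passwords
    if not password_ok(username, password):
        return Response(303, {"Location": "/login"})
    return Response(303, {"Location": "/", "Set-Cookie": SESSION})


def leaks_password_validity(handler, username):
    """True when a right and a wrong password produce different responses."""
    right = handler(username, USERS[username]["password"])
    wrong = handler(username, "wrong-guess")
    return right != wrong
```

In this model an Administrator such as `alice` still receives a session on the front end, which matches the corrected behaviour discussed in the ticket.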
