Support

Hello Adam,

Yes, there's a big security risk which comes with that, as well as a big performance impact. That's why I haven't implemented it. Many people did ask for this. Having update emails is a very mild security risk as it requires very good timing from the attacker's part. If you increase the volume and frequency of one-click link generation you get from very mild to very high.

Simply put: if an attacker can intercept your email and knows that all he needs to get a one-click URL is trigger a security exception on your site he can exploit Admin Tools, using it as a trojan horse instead of a firewall. He would be able to trigger a silly exception, intercept the email and abuse the one-click URL to take over your site without you ever noticing.

I will tell you what. When Joomla! 3.5 is released I will add the (non one click) URL in the email.

I can see you scratching your head. "Joomla! 3.5? Is that crazy developer on drugs?". Well, no, I don't do drugs (unless you count coffee as a drug, in which case I am a desperate addict). There is a reason to my madness. In Joomla! 2.5 if you try accessing an arbitrary URL in the back-end and you're not logged in you will see the login page... and then end up in Joomla!'s Control Panel. No cigar. In Joomla! 3.x someone had had enough of this nonsense and did the sensible thing to do in these cases: once you login you are redirected to the exact URL you tried accessing in the first place.

If I add the URL today I will have to face a constant stream of support requests asking me why they don't get to the blackisting page and wondering if this is a bug. That's why I want to wait until Joomla! 3.5 where such a feature would actually work exactly as I intend it to work.

Hello Adam,

So that you know, Joomla!'s release cycle is now as follows:

• Three STS (Short Term Support) releases, .0, .1 and .2 six months apart. Each one is supported for six months and is intended for developers and people who like to live on the edge / test new features / being guinea pigs.
• One LTS (Long Term Support) release coming 6 months after the .2. The version number will be .5 and it will be supported for two full years.

Six months after the release of the LTS the next version's STS is published. Six months after 2.5 (LTS) was released, 3.0 (1st STS) was released. Now they're ready to release 3.1 (the next STS). In a little less than 7 months 3.2 (STS) will be released and about March 2014 version 3.5 (LTS) will be released.

No need to tell me it's complicated. I know.