https://bugzilla.novell.com/show_bug.cgi?id=661361
https://bugzilla.novell.com/show_bug.cgi?id=661361#c5
--- Comment #5 from Scott Couston
From a portal users are offered read only without even a login - however once logged in, users' rights restrict deletion or change or rename. Being logged into Novell does NOT give login rights nor login session at all with anything else.
My screen shots are attached - This needs retesting WITHOUT anything whatsoever in both password cache and site exceptions to test this properly. I would also suggest that as soon as ANY login attempt is made from ANYTHING that traffic should auto change to HTTPS - atm we just use a popup login window from the existing HTTP page - The exception is a Novell Login page.

Yes this is an issue from new WIKI and a horrible one to work around - New WIKI comes with a security pedigree and we all know it's a nightmare but.... I would suggest there is only one way to fix all of above, offer flexibility, offer secure logins, reduce reliance on very complex user rights, remove the maintenance of parental rights having to be changed by maximum rights masks and policies, and maintain security without horrendous maintenance tasks. I don't think it's too late to use and issue Novell-SuseLinux-OpenSUSE....etc Client/Server issued SSL certificates as well as using existing Security Tokens defaults from VeriSign or issuing Novell Security Tokens for the first time...

As a PostScript, issuing Client/Server certificates is easy and flexible and offers a far easier security that - We issue PGP for all Repositories without distressing any users right now and implementing client Server SSL Certificates should be painless. If implemented now before WIKI grows to be unmanageable in size requires careful thought. Firefox has abysmal handling of auto renew Security Certificates/Token Objects however existing security authorities are easily utilised and flexible. Firefox is hopeless in its ability to update defaults, renew expired dates and the ability to tolerate both the absence of Validation and Revocation Server in its PKCS#11 Suite. Turning OFF both validation and revocation is absurd.

I should have stayed in Canada skiing :-) [BTW - We have a huge memory leak with large graphics and extended clipboard sizes.]