Author Topic: Security offense!! Access denied!  (Read 58170 times)

Offline BlackBird

  • Posts: 2573
Re: Security offense!! Access denied!
« Reply #75 on: June 10, 2011, 03:05:51 PM »
I think its because some modules open stuff in a new popup window or do some other kind of transaction .

I am still having the problem with ALL forms in the BE. I tried to work with it with IE instead of FF - same problem. So in fact it IS unusable here. To be able to go on with my module tests, I had to fake all DB entries and access files. So don't say unusable is a too hard word. :wink:

Offline BlackBird

  • Posts: 2573
Re: Security offense!! Access denied!
« Reply #76 on: June 10, 2011, 03:11:09 PM »
Found that the problem was caused by an older BE theme. Seems the SecureForm.php requires changes in the BE Themes, too.

Offline Luisehahne

  • WebsiteBaker Org e.V.
  • **
  • Posts: 4390
  • Gender: Male
    • Webdesign und Entwicklung WebsiteBaker
Re: Security offense!! Access denied!
« Reply #77 on: June 10, 2011, 03:13:51 PM »
You can check it, the BE Theme need a variable like {FTAN} after the form tag.

Dietmar
Immer nur von der Zukunft reden, die Gegenwart vergessen und auf die Vergangenheit schimpfen
Neues Unwort: Schnappatmung

Offline ruebenwurzel

  • Betatester
  • **
  • Posts: 8391
  • Gender: Male
  • Keep on Rockin
    • Familie Gallas Online
Re: Security offense!! Access denied!
« Reply #78 on: June 10, 2011, 06:50:50 PM »
Hello,

tested it over and over again on all sites, with updeted (but non patched) versions and also did some new clean installs and cannot reproduce this error message.

But maybe biancas hint seems to be the solution. I always work with the default Backend "wb_theme". Didn't use other themes because they maybe look better but i always run in problems with them.

Matthias

Offline Argos

  • Posts: 2542
  • Gender: Male
    • Argos Media
Re: Security offense!! Access denied!
« Reply #79 on: June 10, 2011, 11:22:30 PM »
Strange. I just tested a brand new, clean latest RC6 and had no problems (I use Argos theme of course). That is, as long as didn't have multiple tabs open. I just found out by the way that you can use multiple tabs with a simple little trick anyway (not the file hack I posted earlier).

I am disappointed though that the picture option stefek added is not yet added to the core News module. It is an essential option in my opinion.
Jurgen Nijhuis
Argos Media
Heiloo, The Netherlands
----------------------------------------------------------------
Please don't request personal support, use the forums!

NorHei

  • Guest
Re: Security offense!! Access denied!
« Reply #80 on: June 11, 2011, 12:03:39 AM »
You can go and open a second tab, change a few things go back and then reload the page to have its FTAN refresh. If you try this whith more than 2 tabs you have to keep track of the last one you refreshed .  Try to explain that to your Client   :-D

For me the atempt to install that news thingy simply lead to a bunch of error messages and nothing else.
I dont think its a good idea to put something like that even into AMASP.
Open a module thread , let pepole test it , fix all Problems , put it on AMASP.
And then after a while its ok to discuss about adding it to the Core .

I dont even expect the patch go into the core as it is. If Devs ever decide to add this patch , it needs a complete rework as its mixed coding style and some redundant functions .

Offline Stefek

  • Posts: 6177
  • Gender: Male
  • ("ړ)
Re: Security offense!! Access denied!
« Reply #81 on: June 11, 2011, 12:33:57 AM »
For me the atempt to install that news thingy simply lead to a bunch of error messages and nothing else.
I dont think its a good idea to put something like that even into AMASP.
As I remeber the problems you ran into where the same with a untoutched news module.
There shouldn't be any problems with my changes what so ever, despite those already are part of the module.

Stefek
"Gemeinsam schafft man mehr."

gemeinsam
1. mehreren Personen oder Dingen in gleicher Weise gehörend, eigen
2. in Gemeinschaft [unternommen, zu bewältigen]; zusammen, miteinander
#Duden

NorHei

  • Guest
Re: Security offense!! Access denied!
« Reply #82 on: June 11, 2011, 05:45:29 PM »
Just want to mention, this is the wrong thread for news  :wink:

Offline Luisehahne

  • WebsiteBaker Org e.V.
  • **
  • Posts: 4390
  • Gender: Male
    • Webdesign und Entwicklung WebsiteBaker
Re: Security offense!! Access denied!
« Reply #83 on: June 11, 2011, 06:41:36 PM »
INFO!
We are working for a solution, only one FTan for each page, so all sections (module) have the same one.

The actually working is that each sections has his own FTAN and run in security error.

Ok that solved not the multitab problem, but many others.

Dietmar
Immer nur von der Zukunft reden, die Gegenwart vergessen und auf die Vergangenheit schimpfen
Neues Unwort: Schnappatmung

NorHei

  • Guest
Re: Security offense!! Access denied!
« Reply #84 on: June 11, 2011, 11:31:30 PM »
Jep, confirmed.
The erratic behavior seems to have  its origin in multiple section forms, that generate a FTAN for each section of the form. But only the last FTAN generated is valid, all other sections will malfunction.

Another problem i see is having javascript open a secondary form, for example to upload an image.
If the secondary form is send the main form is no longer valid. 

Offline babsy

  • Posts: 337
Re: Security offense!! Access denied!
« Reply #85 on: August 09, 2011, 01:40:15 PM »
hi :) i just installed a new website with this 2.8.2 version, but i can´t make an page?
i just get the message:

Security offense!! Access denied!

i have followed the installed guide, and everything worked fine, and i can´t seem to find any information about how to get pass this message, and get started to make pages?


Offline Argos

  • Posts: 2542
  • Gender: Male
    • Argos Media
Re: Security offense!! Access denied!
« Reply #86 on: August 09, 2011, 01:47:35 PM »
Untill someone comes wih a solution, you can disable the security function (FTAN) in the admin settings if you like, and see if that helps.
Jurgen Nijhuis
Argos Media
Heiloo, The Netherlands
----------------------------------------------------------------
Please don't request personal support, use the forums!

Offline babsy

  • Posts: 337
Re: Security offense!! Access denied!
« Reply #87 on: August 09, 2011, 02:09:32 PM »
Actually, i can´t do anything in the backend, without getting the message:
Security offense!! Access denied!

i can´t make any changes in the admin security :(

Offline maverik

  • Posts: 1572
  • Gender: Male
  • ..:: viva los tioz ::..
Re: Security offense!! Access denied!
« Reply #88 on: August 09, 2011, 02:11:55 PM »
1) say sleep well for 24 hours to the browser you installed wb  :-D
2) take another browser and go to admin tools > secure form switcher and activate multitab
3) save
4) for now on all should work fine >> i hope

Offline babsy

  • Posts: 337
Re: Security offense!! Access denied!
« Reply #89 on: August 09, 2011, 02:20:09 PM »
Hi :) yes.. i will do that.. and i see it workes ok in IE :)

NorHei

  • Guest
Re: Security offense!! Access denied!
« Reply #90 on: August 09, 2011, 02:27:19 PM »
If might although help if you close all tabs , clear cache and cookies and restart your browser.

Offline ufferichter

  • Posts: 36
  • Gender: Male
    • websitebaker.dk
Re: Security offense!! Access denied!
« Reply #91 on: August 28, 2011, 09:19:10 PM »
I have read about the Security offense!! Access denied!and tryed everything now, i cant update from Version 2.8.1 without this problem, i dont know what to do, i go back to this version every time
Regards Uffe

WebsiteBaker.dk

Offline ruebenwurzel

  • Betatester
  • **
  • Posts: 8391
  • Gender: Male
  • Keep on Rockin
    • Familie Gallas Online
Re: Security offense!! Access denied!
« Reply #92 on: August 29, 2011, 07:25:39 AM »
@ufferichter

Wich errors you have exactely? You cannot update, means this the upgrade fails? Or did the upgrade work well and you got then error messages in the backend? Did you use a built in backend-theme or your own?

As more infos we get, the better we can help.

Matthias

Offline ufferichter

  • Posts: 36
  • Gender: Male
    • websitebaker.dk
Re: Security offense!! Access denied!
« Reply #93 on: August 30, 2011, 01:38:20 PM »
I just overwrite with the new files in 2.8.2 and use the upgrade.php and i altso try to use the last upgrade to overwrite files, but no mater what i do Security offense!! Access denied everytime when i try to edit or save chances, så i go back to last stable version
Regards Uffe

WebsiteBaker.dk

Offline HK

  • Posts: 91
  • Gender: Male
    • Pierewaaien Scheveningen
Re: Security offense!! Access denied!
« Reply #94 on: October 20, 2016, 12:37:36 PM »
Na de upgrade van WB2.8.1 naar WB2.8.3 met SP7 Krijg ik deze foutmelding bij (bijna) alles wat ik probeer aan te passen.
Standaard is de gebruikte template nu de Website Baker Default Themplate v.1.0.0-dev5 en ik kan geen ander template uit de lijst instellen.
Ook lukte het niet om een pagina waarvan de Visibility op Registered staat, publiek te maken.
Aanpassingen in pagina's worden wel opgeslagen, maar in de Page Settings niet.
Normaal werk ik in Opera maar ik heb het ook geprobeerd in Firefox.
Lastig dat er niet wordt aangegeven wat er precies mis is, waarom de acces wordt geweigerd!
Ook de installatie van een moderne template wordt geweigerd (Sobresot.zip)
Wat kan hier mis zijn?
124Media.nl
Groeten, HK Amstelveen

Offline Ruud

  • Posts: 3660
  • Gender: Male
  • Do not use PM for help! Please use the forum!
    • Dev4Me - Professional WebsiteBaker Development
Re: Security offense!! Access denied!
« Reply #95 on: October 20, 2016, 01:02:06 PM »
Dit gebeurd als je een oude of "eigen" backend-theme gebruikt. (zo te zien gebruik je een hele oude)
Gebruik dus 1 van de twee meegeleverde backend themes, dan gaat het waarschijnlijk wel goed.

PS..
Ik neem aan / hoop dat je niet rechtstreeks van 2.8.1 naar 2.8.3SP7 bent gegaan!
Zie: http://forum.WebsiteBaker.org/index.php/topic,29355.0.html

Offline HK

  • Posts: 91
  • Gender: Male
    • Pierewaaien Scheveningen
Re: Security offense!! Access denied!
« Reply #96 on: October 21, 2016, 11:22:27 AM »
Nee Ruud,
Ik ben gegaan via 2.8.3. zonder SP.
Het klopt dat ik een oud & vertrouwd backend theme heb gekozen (Classic) maar als ik nu probeer dat te veranderen in de Default Settings, krijg ik ook de Security Warning en wordt mijn nieuwe instelling genegeerd.
Sorry dat ik je antwoord in deze draad aanvankelijk over het hoofd heb gezien..
Groeten, HK Amstelveen

Offline Ruud

  • Posts: 3660
  • Gender: Male
  • Do not use PM for help! Please use the forum!
    • Dev4Me - Professional WebsiteBaker Development
Re: Security offense!! Access denied!
« Reply #97 on: October 21, 2016, 11:32:48 AM »
Inderdaad lastig, je mag nu niets meer instellen omdat dat een security probleem oplevert.

Waarschijnlijk is het makkelijkst om de inhoud van de map "DefaultTheme" even ook in de map van je huidige admintheme te uploaden.
Daarvoor moet je wel eerst alles van je huidige theme verwijderen, behalve de info.php, die MOET blijven bestaan (ook niet overschrijven dus)

Offline HK

  • Posts: 91
  • Gender: Male
    • Pierewaaien Scheveningen
Re: Security offense!! Access denied!
« Reply #98 on: October 21, 2016, 12:32:18 PM »
Dag Ruud,
Ik heb er ook al aan gedacht om het nu geïnstalleerde backend theme Classic te verwijderen met FileZilla, maar ik kan het niet vinden.
Kun je me aangeven waar ik moet zoeken? Ik neem aan dat er na het verwijderen automatisch wordt teruggevallen op een default theme?
Groeten, HK Amstelveen

Offline Ruud

  • Posts: 3660
  • Gender: Male
  • Do not use PM for help! Please use the forum!
    • Dev4Me - Professional WebsiteBaker Development
Re: Security offense!! Access denied!
« Reply #99 on: October 21, 2016, 01:33:50 PM »
Nee, er is geen fallback! Niet zomaar wissen dus.

De backend thema's staan in de templates directory.
In zo'n directory staat een info.php waarin je de naam kan vinden (hoeft niet gelijk te zijn aan de directorynaam)