[MAGNOLIA-2397] User's own credentials not used/checked to record last access time Created: 26/Sep/08  Updated: 04/Aug/15  Resolved: 04/Aug/15

Status: Closed
Project: Magnolia
Component/s: admininterface, core, security
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Jan Haderka Assignee: Philipp Bärfuss
Resolution: Outdated Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

can be found when detailed auditing of access is enabled. For details see http://wiki.magnolia.info/display/DEVINT/Audit+Trail



 Comments   
Comment by Magnolia International [ 20/Jan/09 ]

What's the status of this ? Can you detail ?

Comment by Jan Haderka [ 20/Jan/09 ]

It's detailed in the linked wiki page. When playing with possibilities for auditing while ago, I've noticed that while last login time is recorded (the second set of log messages) it is done with anonymous user credentials. Does that mean anybody can modify things directly in the user node? I hope not, but this needs to be checked.

Comment by Michael Mühlebach [ 04/Aug/15 ]

We're closing this issue as outdated as it was reported for 4.4.x or earlier versions which are no longer supported. Don't hesitate to reopen or create a new ticket in case this is still relevant and you'll experience it on 4.5.x or later versions.

Generated at Mon Feb 12 03:36:19 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.