[MAGNOLIA-2397] User's own credentials not used/checked to record last access time Created: 26/Sep/08 Updated: 04/Aug/15 Resolved: 04/Aug/15 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | admininterface, core, security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major |
| Reporter: | Jan Haderka | Assignee: | Philipp Bärfuss |
| Resolution: | Outdated | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
| Date of First Response: |
| Description |
|
can be found when detailed auditing of access is enabled. For details see http://wiki.magnolia.info/display/DEVINT/Audit+Trail |
| Comments |
| Comment by Magnolia International [ 20/Jan/09 ] |
|
What's the status of this ? Can you detail ? |
| Comment by Jan Haderka [ 20/Jan/09 ] |
|
It's detailed in the linked wiki page. When playing with possibilities for auditing while ago, I've noticed that while last login time is recorded (the second set of log messages) it is done with anonymous user credentials. Does that mean anybody can modify things directly in the user node? I hope not, but this needs to be checked. |
| Comment by Michael Mühlebach [ 04/Aug/15 ] |
|
We're closing this issue as outdated as it was reported for 4.4.x or earlier versions which are no longer supported. Don't hesitate to reopen or create a new ticket in case this is still relevant and you'll experience it on 4.5.x or later versions. |