Subj : Q Restriction on Web bug?
To   : Dumas Walker
From : Digital Man
Date : Thu Dec 05 2024 14:13:32

  Re: Q Restriction on Web bug?
  By: Dumas Walker to All on Thu Dec 05 2024 11:01 am

 > If a Q restricted user logs into the bbs via telnet, SSH, etc., they are
 > only shown the QWK menu and if they choose to "quit back to the BBS," the
 > system immediately logs them off.  The Q-restricted account cannot access
 > any message areas, or anything else on the system.

A Q-restricted account actually can perform a "normal" login by prepending a '*' to their login-id.

 > If a Q restricted user logs onto the web interface (both the older "runes"
 > or the newer ecweb), they are able to access message areas and even post
 > using their QWK ID.
 >
 > I would call this a "bug" since it is allowing the web interface to act in a
 > different (and unintended) manner from the terminal interface, but I am also
 > guessing there is some way that I can add something to an existing INI file
 > to prevent this behavior?

You can set SCFG->Servers->Web Server->Login Requirements (in v3.20a) to "REST NOT Q" and then Q-restricted users won't be able to authenticate with the web server. There's probably other ways to limit access to (e.g. webctrl.ini files and maybe something ecWeb-specific), but that's a true brute-force way.
-- 
                                            digital man (rob)

Synchronet "Real Fact" #80:
85 SBBSecho registrations were sold (at $49) between 1994 and 1996
Norco, CA WX: 69.2øF, 49.0% humidity, 1 mph WNW wind, 0.01 inches rain/24hrs
--- SBBSecho 3.23-Linux
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

.