Details
-
Bug
-
Status: Closed (View Workflow)
-
Trivial
-
Resolution: Invalid
-
3.0.0
-
None
-
None
-
PHP Environment: 3.0.0
Database: MySQL 5.0.24a-standard-log
Description
I created a top-level category with no parent to this category.
I added a password to this category.
I next created a new forum inside of this category.
I logged in with an existing test account to see if that account would be asked for the forum password. It was not asked for the password and was allowed to enter into (view) the forum.
I reproduced this behavior a second time.
This is of course not how a password protected forum is supposed to behave.
Each time while logged in with the test account, I found that after navigating back to the board index, and then again clicking on the password protected forum, I would then be asked for the password, whereas initially I was not asked for the password.
This indicates that there may be a time delay between when the child forum is created and when the password protection becomes effective for the child forum, or, less likely, perhaps the first time one (or more) users visits the forum, this triggers something which causes the password protection to finally take effect at some point.
The impact of this bug is that on a really busy board, if the administrator creates a new password protected forum and immediately posts in that forum, an unauthorized user might be able to read the post.
The further impact of this bug is that when administrators are testing the functionaliry of the board to see if the password feature is working, they will find that it is not working, leading to a lot of unnecessary troubleshooting, and a loss of confidence in the security of this software product.