Re: elog program does not respect "Allow edit" list, posted by Heinz Junkes on Wed Apr 24 10:21:58 2019
|
Thanks for the answer. The real problem is that you can overwrite existing entries even if you have set an entry to "read only", i.e. you have forbidden further editing.
Heinz
| Stefan Ritt wrote: |
|
There are two ways:
1) Use different password files for different logbooks. Each password file contains only those users which have access to that logbook.
2) Use "Login user = <usr list>" to restrict access to certain users in that list.
Stefan
| Heinz Junkes wrote: |
|
Since there's no answer to that.
I am the only one with the problem? Did I just configure something wrong?
Thanks Heinz
| Heinz Junkes wrote: |
|
submissions via the elog - program can overwrite entries even if the user has no edit rights
|
|
|
|
|
Re: elog program does not respect "Allow edit" list, posted by Stefan Ritt on Wed Apr 24 10:29:00 2019
|
There is no "read only" flag. Please describe what you exactly did. Probably you want "Restrict edit time" for that.
Stefan
| Heinz Junkes wrote: |
|
Thanks for the answer. The real problem is that you can overwrite existing entries even if you have set an entry to "read only", i.e. you have forbidden further editing.
Heinz
| Stefan Ritt wrote: |
|
There are two ways:
1) Use different password files for different logbooks. Each password file contains only those users which have access to that logbook.
2) Use "Login user = <usr list>" to restrict access to certain users in that list.
Stefan
| Heinz Junkes wrote: |
|
Since there's no answer to that.
I am the only one with the problem? Did I just configure something wrong?
Thanks Heinz
| Heinz Junkes wrote: |
|
submissions via the elog - program can overwrite entries even if the user has no edit rights
|
|
|
|
|
|
Re: elog program does not respect "Allow edit" list, posted by Heinz Junkes on Wed Apr 24 11:03:26 2019
|
Sorry,
I meant "read only" by using "Restrict edit time" settings. e.g.
Restrict edit time = 24
I understand this to mean that an entry should not be able to be modified after 24 hours.
Heinz
| Stefan Ritt wrote: |
|
There is no "read only" flag. Please describe what you exactly did. Probably you want "Restrict edit time" for that.
Stefan
| Heinz Junkes wrote: |
|
Thanks for the answer. The real problem is that you can overwrite existing entries even if you have set an entry to "read only", i.e. you have forbidden further editing.
Heinz
| Stefan Ritt wrote: |
|
There are two ways:
1) Use different password files for different logbooks. Each password file contains only those users which have access to that logbook.
2) Use "Login user = <usr list>" to restrict access to certain users in that list.
Stefan
| Heinz Junkes wrote: |
|
Since there's no answer to that.
I am the only one with the problem? Did I just configure something wrong?
Thanks Heinz
| Heinz Junkes wrote: |
|
submissions via the elog - program can overwrite entries even if the user has no edit rights
|
|
|
|
|
|
|
Re: elog program does not respect "Allow edit" list, posted by Stefan Ritt on Wed Apr 24 11:30:37 2019
|
So you are telling me that "Restrict edit time" is not working correctly? In order to fix any problem, I have to reproduce it. Can you post a minimel elogd.cfg file with which I can reproduce the problem?
Stefan
| Heinz Junkes wrote: |
|
Sorry,
I meant "read only" by using "Restrict edit time" settings. e.g.
Restrict edit time = 24
I understand this to mean that an entry should not be able to be modified after 24 hours.
Heinz
| Stefan Ritt wrote: |
|
There is no "read only" flag. Please describe what you exactly did. Probably you want "Restrict edit time" for that.
Stefan
| Heinz Junkes wrote: |
|
Thanks for the answer. The real problem is that you can overwrite existing entries even if you have set an entry to "read only", i.e. you have forbidden further editing.
Heinz
| Stefan Ritt wrote: |
|
There are two ways:
1) Use different password files for different logbooks. Each password file contains only those users which have access to that logbook.
2) Use "Login user = <usr list>" to restrict access to certain users in that list.
Stefan
| Heinz Junkes wrote: |
|
Since there's no answer to that.
I am the only one with the problem? Did I just configure something wrong?
Thanks Heinz
| Heinz Junkes wrote: |
|
submissions via the elog - program can overwrite entries even if the user has no edit rights
|
|
|
|
|
|
|
|
Re: elog program does not respect "Allow edit" list, posted by Heinz Junkes on Wed Apr 24 11:56:24 2019
|
I ask my users where they had the problems and then create a demo for testing.
Thanks Heinz
| Stefan Ritt wrote: |
|
So you are telling me that "Restrict edit time" is not working correctly? In order to fix any problem, I have to reproduce it. Can you post a minimel elogd.cfg file with which I can reproduce the problem?
Stefan
| Heinz Junkes wrote: |
|
Sorry,
I meant "read only" by using "Restrict edit time" settings. e.g.
Restrict edit time = 24
I understand this to mean that an entry should not be able to be modified after 24 hours.
Heinz
| Stefan Ritt wrote: |
|
There is no "read only" flag. Please describe what you exactly did. Probably you want "Restrict edit time" for that.
Stefan
| Heinz Junkes wrote: |
|
Thanks for the answer. The real problem is that you can overwrite existing entries even if you have set an entry to "read only", i.e. you have forbidden further editing.
Heinz
| Stefan Ritt wrote: |
|
There are two ways:
1) Use different password files for different logbooks. Each password file contains only those users which have access to that logbook.
2) Use "Login user = <usr list>" to restrict access to certain users in that list.
Stefan
| Heinz Junkes wrote: |
|
Since there's no answer to that.
I am the only one with the problem? Did I just configure something wrong?
Thanks Heinz
| Heinz Junkes wrote: |
|
submissions via the elog - program can overwrite entries even if the user has no edit rights
|
|
|
|
|
|
|
|
|
Re: elog program does not respect "Allow edit" list, posted by Heinz Junkes on Fri Apr 26 11:24:21 2019
|
Stefan, will send the info off this forum.
Heinz
| Heinz Junkes wrote: |
|
I ask my users where they had the problems and then create a demo for testing.
Thanks Heinz
| Stefan Ritt wrote: |
|
So you are telling me that "Restrict edit time" is not working correctly? In order to fix any problem, I have to reproduce it. Can you post a minimel elogd.cfg file with which I can reproduce the problem?
Stefan
| Heinz Junkes wrote: |
|
Sorry,
I meant "read only" by using "Restrict edit time" settings. e.g.
Restrict edit time = 24
I understand this to mean that an entry should not be able to be modified after 24 hours.
Heinz
| Stefan Ritt wrote: |
|
There is no "read only" flag. Please describe what you exactly did. Probably you want "Restrict edit time" for that.
Stefan
| Heinz Junkes wrote: |
|
Thanks for the answer. The real problem is that you can overwrite existing entries even if you have set an entry to "read only", i.e. you have forbidden further editing.
Heinz
| Stefan Ritt wrote: |
|
There are two ways:
1) Use different password files for different logbooks. Each password file contains only those users which have access to that logbook.
2) Use "Login user = <usr list>" to restrict access to certain users in that list.
Stefan
| Heinz Junkes wrote: |
|
Since there's no answer to that.
I am the only one with the problem? Did I just configure something wrong?
Thanks Heinz
| Heinz Junkes wrote: |
|
submissions via the elog - program can overwrite entries even if the user has no edit rights
|
|
|
|
|
|
|
|
|
|
Re: elog program does not respect "Allow edit" list, posted by Stefan Ritt on Fri Apr 26 17:22:46 2019
|
Ok, I found the issue. The "Restrict edit time" is only checked when one clicks on "Edit" in the browser. The elog command line tool does not really an edit, but just submits an entry with an (old) ID. I added a check also for that case so now it should work. The commit is in git.
Stefan
| Heinz Junkes wrote: |
|
Stefan, will send the info off this forum.
Heinz
| Heinz Junkes wrote: |
|
I ask my users where they had the problems and then create a demo for testing.
Thanks Heinz
| Stefan Ritt wrote: |
|
So you are telling me that "Restrict edit time" is not working correctly? In order to fix any problem, I have to reproduce it. Can you post a minimel elogd.cfg file with which I can reproduce the problem?
Stefan
| Heinz Junkes wrote: |
|
Sorry,
I meant "read only" by using "Restrict edit time" settings. e.g.
Restrict edit time = 24
I understand this to mean that an entry should not be able to be modified after 24 hours.
Heinz
| Stefan Ritt wrote: |
|
There is no "read only" flag. Please describe what you exactly did. Probably you want "Restrict edit time" for that.
Stefan
| Heinz Junkes wrote: |
|
Thanks for the answer. The real problem is that you can overwrite existing entries even if you have set an entry to "read only", i.e. you have forbidden further editing.
Heinz
| Stefan Ritt wrote: |
|
There are two ways:
1) Use different password files for different logbooks. Each password file contains only those users which have access to that logbook.
2) Use "Login user = <usr list>" to restrict access to certain users in that list.
Stefan
| Heinz Junkes wrote: |
|
Since there's no answer to that.
I am the only one with the problem? Did I just configure something wrong?
Thanks Heinz
| Heinz Junkes wrote: |
|
submissions via the elog - program can overwrite entries even if the user has no edit rights
|
|
|
|
|
|
|
|
|
|
elog server crashed due to cookies send by client, posted by Heinz Junkes on Mon Sep 18 13:49:05 2023
|
Our elog instance (elogd 3.1.4 built Jan 13 2021, 20:44:20 revision ce2a48e9) has been running for years without any problems.
We have a new user who consistently crashes the elog:
GET /Omicron-STM-XPS/?rsort=Record%20date HTTP/1.1
Host: elog.fhi-berlin.mpg.de:4821
Cache-Control: max-age=0
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-gpc: 1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Referer: https://elog.fhi-berlin.mpg.de/elog/isc/Omicron-STM-XPS/
Accept-Encoding: gzip, deflate, br
Accept-Language: el-GR,el;q=0.9,en;q=0.8
Cookie: ufnm=Sotirios Tsatsos; urem=1; elmode=full; elattach=1; sid=CD2B04E2C3F02EA4; googtrans=/en/en; amp_6e403e=aWS6RQd5UjGctj5Ym_cDzA.c2Fsdm9fc290b2thaXRlbkB5YWhvby5jb20=..1hajnscc0.1hajnscc0.0.ac.ac
X-Forwarded-For: 141.14.151.26
X-Forwarded-Host: elog.fhi-berlin.mpg.de
X-Forwarded-Server: elog.fhi-berlin.mpg.de
Connection: Keep-Alive
Received unknown cookie "googtrans"
Received unknown cookie "amp_6e403e"
*** buffer overflow detected ***: terminated
Abort (core dumped)
|