Support forums - security concerns

Support forums » Products » Cute Live Support » security concerns

security concerns

Last post 04-14-2008, 7:51 AM by Adam. 3 replies.


	Sort Posts: Previous Next

04-13-2008, 3:56 PM 39157

jackj
Joined on 04-13-2008
Posts 3

security concerns

Reply Quote

Hi,

I download the trial version and install on the server, there is a security concern:

I logged in with the testing Admin user on the page supportadmin, and then I opened a new IE and type the admin page URL and then I was able to see all of the admin content on the new browser. is there no authentication check ?

thanks!

Jack

04-13-2008, 6:01 PM 39158 in reply to 39157

Adam
Joined on 09-23-2003
Aurora, ON
Posts 18,678

Re: security concerns

Reply Quote

Jack,

Cute Live Support admin page has security check.

>>I logged in with the testing Admin user on the page supportadmin, and then I opened a new IE

Did you close the existing page?

asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
asp wysiwyg html editor: http://cutesoft.net/ASP
asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
Live Support: http://cutesoft.net/live-support/default.aspx

04-13-2008, 6:43 PM 39159 in reply to 39158

jackj
Joined on 04-13-2008
Posts 3

Re: security concerns

Reply Quote

looks i checked the "remember login" which persisted the auth info on the cookie, but that is supposed to remember login ID only right?

in a production box, should we remove the default.aspx, and test.* which looks like some testing code right?

thanks!

Jack

04-14-2008, 7:51 AM 39192 in reply to 39159

Adam
Joined on 09-23-2003
Aurora, ON
Posts 18,678

Re: security concerns

Reply Quote

Jack,

>>looks i checked the "remember login" which persisted the auth info on the cookie, but that is supposed to remember login ID only right?

Cute Live Supports use asp.net authentication. Please check the following article for details:

Security Features in ASP.NET - Authentication

>>in a production box, should we remove the default.aspx, and test.* which looks like some testing code right?

Yes. Those are the demo pages showing how to embed the live support image button and monitor tag.