hi
i am using CB api to create my users. is there anyway to prevent super user? i write some code to prevent user in super group user group. but i want to know is it possible freeze to create super user in all way.
Have you any other security advise when we use CB api to create user?
are you see usual Joomlapolice users security problem when they work with CB api?
i'm worry about that because my first time.
Last edit: 6 years 7 months ago by krileon. Reason: Added [SOLVED] tag to subject
Users don't get to select their usergroup for frontend registrations so it has never been an issue. Are you accepting a POST value for "gids"? The below tutorial does not do this as it specifically sets it to your Joomla new user usergroup parameter, which has no cause for concern.
If you are accepting a usergroup value from POST you need to apply filtering to it and clean out any usergroup ids you don't want to accept.
Kyle (Krileon) Community Builder Team Member Before posting on forums:
Read FAQ thoroughly
+
Read our Documentation
+
Search the forums CB links:
Documentation
-
Localization
-
CB Quickstart
-
CB Paid Subscriptions
-
Add-Ons
-
Forge
-- If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
-- If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please
send me a private message
with your thread and will reply when possible!
-- Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
-- My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
krileon wrote:
If you are accepting a usergroup value from POST you need to apply filtering to it and clean out any usergroup ids you don't want to accept.