I tried asking Mike and Victor, but no response, I will throw this question out to the forums, since neither could find the time or answers for me:
I have a very simple question for you. I am currently using the latest version of Dolphin 6 on my systems.
Mind you, i'm very computer literate, and rather savvy on how alot of the net works. I'm a professional software developer. I've taken the time to go thru boonex 6 to understand how it works, and i'd like to know if this one major problem has been addressed in Boonex 7. It's about time i upgraded to it.
I'm still plagued by people who can still post events, blogs, etc to my sites, even tho they technically don't have access to them. I read stories that they were originally 'Cross site scripting' exploits.. but after further investigation, it turns out that 6.x was just piecemeal of different projects thrown together, and role based security was never used. I'm wondering if this was fixed in 7... so if i take access away from someone, it means that not only does it not show up on their toolbar menu, but that it also takes away their access all together from that module.
This is by far the most important piece that i'm worried about. Has this been addressed in the new system, specifically, are they looking at a users role, storing that in a session object, and testing their access to that module before it shows up, or granted access to the page? Are they doing something similar?
Thanks,
~Doc
