I did the installation of Advanced Security on my local xamp to play with an idea. After the install was finished I went back to http://localhost/asengine/install and the installer ran again - even with a new browser open with no sesssion or authentication.
I can see any place in the documentation where it says delete the install folder after installing. Should it be deleted for security purposes?
I know you say to set the ASfolder as 755 - but you can still access the /install folder from the web.
AS a suggestion - either he install folder should be
1 - Deleted after install by user
2 - Deleted as part of the install process
3 - Locked out with a .htaccess deny all to *
4 - Access denoed unless logged in
option 1 sounds best to me but option 2 is more likely to get done by less technical folks.
Second Question: Does the vanguard system allow folks to have multiple roles? I'm starting a build of an app where there are office-admin, factory-workers, wages-workers, info-readers and info-editors
Some people have multiple roles eg an office admin person does the wages so needs two roles but most admin folks dont do wages so need to be locked out of wages.
Unfortunately, I don't have the API docs for such things. But, thank you for letting me know that it can be useful for you, I'll consider creating it in the future. :)
Hi. firstly - thanks for a great product.
I am using the code as a template to build new forms etc and keep things secure.
Obviously this calls js, which has a class / namespace which lets you show AddUserModule
Do you have api docs showing the objects, function calls for the js and php? There is such a wealth of possibility in them.
You can delete the install folder after the installation although nobody will be able to do any harm since they don't know the DB credentials.
And no, unfortunately, Vanguard does not support multiple user roles for a single user.