ComicCMS User Manual


First Use :: SuperUsers

For extra security in your admin panel certain sections are blocked out unless you are authenticated as what we call a "SuperUser". While ComicCMS remembers your login accross sessions, if you want to edit settings on your site you must authorize your SuperUser status each time you visit the admin panel.

What this means to you is that if you want to modify plugins, templates or settings you will have to enter your password. Once this authenticates you as a SuperUser a key icon will appear to the top right of your screen, allowing you to unauthenticate if you wish, which will keep you authenticated as a SuperUser for as long as you have the admin panel open.

Notice:Please note that this SuperUser function adds extra security. ComicCMS is just as secure as all other web-based CMS programs and this feature does not insinuate any security problems with ComicCMS. This type of security method is used by many linux distributions and is what helps make it so secure.

What's the point? Well, it doesn't protect you if someone has stolen your password but it does protect you from someone using your computer maliciously as well as what is called session hyjacking. Session hyjacking is where a malicious user steals your session ID (often though an XSS attack) and fakes your credentials to log into your admin panel. This is of course a security hole and ComicCMS protects against it but just in case the SuperUser authentication is in place to block anyone from damaging your site, even if they're faking your login.

This practically cuts out any reward the hacker would hope to gain and even if they could be bothered the worst they can do is add/edit your news and comics which you'll be able to recover if you back up regularly.

ComicCMS, free php webcomic management software Copyright © 2007 Steve H