A Cross-Site Request Forgery (CSRF) attack relies on the trust a website has in a user to execute unauthorized requests and/or transactions. For example, say a user is logged into their Joomla! website's administrator interface in one tab and is browsing a compromised site in another tab.
The Frontend is a collective term for the areas of the website as visitors or registered users see them. A registered user normally works only in the frontend. It is like a store, where the goods are displayed in shop windows and on shelves. Here you can have a look around.
So, in a nutshell: it's everything an unregistered user (Guest) and all other registered users without administrative user rights (the members of the main Registered group and its subgroups) can see.
How can an author submit a story?
We all know that Joomla is all about collaboration. Anyone who has set up at least one instance of Joomla knows that there are multiple levels of access in Joomla, among them one called Author, who is supposedly able to submit an article to a Joomla site from the frontend.
I want the print and email icons back as in previous Joomla!
A client called me one of these days with this request. He told me that what was once a simple one-click action to print, email or edit an article in the frontend in Joomla 1.5 has become an uncomfortable two-click process, which on some devices proved to be increasingly difficult. After a bit of digging around I found for him an easy-to-implement template override, which made him happy.
Joomla 1.5 ACL explained
Despite claims to the contrary, Joomla 1.5 does have an ACL system. It may be rudimentary, but when fully understood it can be very useful.
Recently, on more (usually cheap) hosts, more of my clients reported a strange error, which showed up recently, without notice.
The error message is like this:
1104 The SELECT would examine more than MAX_JOIN_SIZE rows; check your WHERE and use SET SQL_BIG_SELECTS=1 or SET SQL_MAX_JOIN_SIZE=# if the SELECT is okay
followed by the failing query.
By default, across all Joomla versions, from Joomla 1.0 through Joomla 1.5 and Joomla 1.6 to Joomla 1.7, the basic structure of the default user groups is unchanged. The users are generally sorted into 3 main categories: unregistered/not logged-in users, registered users with frontend-only access, and backend users. The exact naming of these main groups varies across the different Joomla versions, but the default end-level groups are the same. The groups and their core permissions are as follows: