Open jetbalsa opened 6 years ago
Yeah, so this was somewhat of an intentional design choice... the point being that if the user was able to find a flaw in the app, the back end will reject all attempts to modify that field in the database. I've gone back and forth on this myself. Rails is secure enough, but there are always going to be holes.
I would put a note in the README about this then, if there isn't one already.
On Sat, Feb 17, 2018 at 12:33 PM, Paul Jordan notifications@github.com wrote:
Yeah, so this was somewhat of an intentional design choice... the point being that if the user was able to find a flaw in the app, the back end will reject all attempts to modify that field in the database. I've gone back and forth on this myself. Rails is secure enough, but there are always going to be holes.
Right now, to set an admin you have to do it within the database. This is not ideal, as you might want more than one admin able to add challenges in or manage users / teams.