Hello,

Administratorlogin when creating slaves at the frontend doesn´t work.

If I create a website at the frontend it works fine, but the fields for administratorlogin (administrator email & andministrator passwort) hasn´t any effect. The only user in the new slavesite is the superadmin from the mastersite.

Is there something in the configuration which must be checked before?

Thank you - best regards,

muskes

I have been able to reproduce the problem and it is fixed in JMS 1.1.11 that will be released soon.
The problem was due to the fact that the modification of the administrator is done by a normal registered users. If the users was an administrator, this will have an effect.

Ok, I have updated JMS and it works now.

But now there is a big SECURITY PROBLEM

If the new user is superadmin, he is able to install components (if the slavesite is created with copying folders).

That means, if he is installing e. g. the extplorer (http://extplorer.sourceforge.net/) he has access to all files in the mastersite directory.

If he is installing e. g. joommyadmin (http://joomlacode.org/gf/project/joommyadmin/frs/?action=FrsReleaseBrowse&frs_package_id=3762) he can read all data of the database.

Is it possible, to put the superadmin from the mastersite in the new slavesite as superadmin and the new admin (from user) as normal admin?

Best regards
Muskes

As JMS share all the Joomla files and folders, this is true that if you install a tool like extplorer or any similar tool on the master website that a slave website could re-install it and see also all the files.
You can define any user type for the slave site administration.
You are not obliged to give the Super Admin.
You can decide to use a normal Administrator.
If the extplorer or similar tool are not installed on the master website, the slave site will not be able to install them as they are not present on the master website.
So I suggest to avoid installing such tool on the master website.

Concerning the database, as the slave site replicated share the same database, they could have the access to the database connection parameters. When they will have collected those information, they could use a PHPMyAdmin or similar too to access all the table prefix of the database.
The current version of JMS is not yet able to replicate the website into another Database to reduce this risk. Perhaps in a later version.
I also suggest to use separated database between the master website and the slave site to reduce the risk as mentioned and just let the risk to the slave sites.

You can define any user type for the slave site administration.
You are not obliged to give the Super Admin.
You can decide to use a normal Administrator.
Where can I modify this?

Dear Edwin,

please tell me where I can set, that the user become a normal admin and where I can define the user type for the slave site administration.

Best regards,

Muskes