OFBiz / OFBIZ-4956

"auth" should be true for all the request URLs used for Application components.


    Details

    • Type: Improvement
    • Status: In Progress
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: Release Branch 11.04, Release Branch 12.04, Release Branch 13.07, Trunk
    • Fix Version/s: None
    • Component/s: ALL APPLICATIONS
    • Labels:
      None
    • Sprint:
      Bug Crush Event - 21/2/2015

      Description

      Currently there are some URLs present in application components with auth="false". So anyone can hit these URLs and can access any resources without authorization.

      For Example - https://demo-trunk.ofbiz.apache.org/content/control/ViewSimpleContent?dataResourceId=GZ-DIG

      Currently, the above URL does not need authorization (you can access any resource by changing the dataResourceId). I think all the URLs should be secured with auth="true" and https="true" in all the application components.
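
A defender-side check for the condition described above, as an added example that is not part of the original issue or of the OFBiz code base: it scans controller.xml text for request-map entries whose security element does not set auth="true" or https="true". The sample XML is constructed, the `allow_unauthenticated` parameter is hypothetical, and treating a missing security element or attribute as "false" is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of an OFBiz controller.xml (not a real project file).
SAMPLE_CONTROLLER = """<site-conf xmlns="http://ofbiz.apache.org/Site-Conf">
    <request-map uri="ViewSimpleContent">
        <security https="true" auth="false"/>
        <response name="success" type="view" value="ViewSimpleContent"/>
    </request-map>
    <request-map uri="EditContent">
        <security https="true" auth="true"/>
        <response name="success" type="view" value="EditContent"/>
    </request-map>
    <request-map uri="main">
        <response name="success" type="view" value="main"/>
    </request-map>
    <request-map uri="login">
        <security https="false" auth="false"/>
        <response name="success" type="view" value="main"/>
    </request-map>
</site-conf>"""

def local(tag):
    """Drop the namespace part of a tag such as '{ns}request-map'."""
    return tag.rsplit("}", 1)[-1]

def audit_controller(xml_text, allow_unauthenticated=()):
    """Return [(uri, [missing protections])] for each weak request-map."""
    findings = []
    for node in ET.fromstring(xml_text).iter():
        if local(node.tag) != "request-map":
            continue
        uri = node.get("uri", "")
        sec = next((c for c in node if local(c.tag) == "security"), None)
        # Assumption: an absent <security> element or attribute counts as "false".
        attrs = sec.attrib if sec is not None else {}
        missing = []
        # Pre-login URIs (hypothetical allowlist) are exempt from auth, not from https.
        if attrs.get("auth", "false").lower() != "true" and uri not in allow_unauthenticated:
            missing.append("auth")
        if attrs.get("https", "false").lower() != "true":
            missing.append("https")
        if missing:
            findings.append((uri, missing))
    return findings

if __name__ == "__main__":
    for uri, missing in audit_controller(SAMPLE_CONTROLLER, allow_unauthenticated=("login",)):
        print(f"{uri}: not enforced -> {', '.join(missing)}")
```

Running it over each component's controller.xml gives a reviewable list of request URIs that are reachable without authentication, which is the inventory needed before flipping any of them to auth="true".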

        Attachments

        1. OFBIZ-4956.patch
          11 kB
          Amardeep Singh Jhajj
        2. OFBIZ-4956-Release-10.04.patch
          11 kB
          Amardeep Singh Jhajj
        3. OFBIZ-4956-Release-11.04.patch
          11 kB
          Amardeep Singh Jhajj

            People

            • Assignee:
              jleroux Jacques Le Roux
            • Reporter:
              amardeepsj Amardeep Singh Jhajj
            • Votes:
              0
            • Watchers:
              4
