[OFBIZ-4956] "auth" should be true for all the request url used for Application components. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: In Progress
Priority: Major
Resolution: Unresolved
Affects Version/s: Release Branch 11.04, Release Branch 12.04, Release Branch 13.07, Trunk
Fix Version/s: None
Component/s: ALL APPLICATIONS
Labels:
None

Sprint:
Bug Crush Event - 21/2/2015

Description

Currently there are some url present in application components with auth="false". So anyone can hit this urls and can access any resources without authorization.

For Example - https://demo-trunk.ofbiz.apache.org/content/control/ViewSimpleContent?dataResourceId=GZ-DIG

Currently, the above url does not need authorization (you can access any resource by changing the dataResourceId). I think all the url should be secure with auth="true" and https="true" in all the application components.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

OFBIZ-4956.patch
07/Jul/12 12:16
11 kB
Amardeep Singh Jhajj
OFBIZ-4956-Release-10.04.patch
07/Jul/12 12:16
11 kB
Amardeep Singh Jhajj
OFBIZ-4956-Release-11.04.patch
07/Jul/12 12:16
11 kB
Amardeep Singh Jhajj

Activity

People

Assignee:

Jacques Le Roux

Reporter:

Amardeep Singh Jhajj

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

07/Jul/12 12:09

Updated:

17/Apr/20 15:55