Posted to slide-dev@jakarta.apache.org by bu...@apache.org on 2003/08/14 10:35:53 UTC
DO NOT REPLY [Bug 22409] New: -
There is problem in Slide security system.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22409
Summary: There is problem in Slide security system.
Product: Slide
Version: 1.0.16 Stable
Platform: PC
OS/Version: Windows NT/2K
Status: NEW
Severity: Normal
Priority: Other
Component: Other
AssignedTo: slide-dev@jakarta.apache.org
ReportedBy: maxim@kaliostro.crimea.com
There is a problem in the Slide security system. A user can have all rights of
another user if the username of the 1st user is the beginning of the username
of the 2nd user.
Look at the example:
1) Deploy slide.war from jakarta-slide-1.0.16/slide/webapp to
CATALINA_HOME/webapps of Tomcat 4.0
2) Add users to CATALINA_HOME/conf/tomcat-users.xml :
<tomcat-users>
    <user name="tomcat" password="tomcat" roles="tomcat" />
    <user name="user_one" password="one" roles="user" />
    <user name="user_two" password="two" roles="user" />
    <user name="user_three" password="three" roles="user" />
    <user name="other_user" password="other" roles="user" />
    <user name="user" password="main" roles="root" />
</tomcat-users>
3) Run Tomcat
4) Log in as "user_one"
5) Log in as "user_two"
6) Log in as "user_three"
7) Log in as "other_user"
8) Now when I log in as "user", I have no rights on the "other_user"
directory, but I have all rights on the "user_one", "user_two" and "user_three"
directories.
This is an explicit error: the user with the "user" username has some rights
on the "user_one", "user_two" and "user_three" directories.
I see the same errors using the Slide API.
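
Added example, not part of the original report and not Slide source code: the report does not identify the root cause, but the symptom (access to "user_one" and not to "other_user") is what a raw string-prefix comparison of a granted scope against a target path produces. The /users/<name> layout and all method names below are assumptions made for illustration; the code contrasts that comparison with one that respects path-segment boundaries.

```java
// Added illustration; hypothetical names, not taken from Slide.
public class ScopeMatchDemo {

    // Weak check: raw string prefix. "/users/user" is a prefix of
    // "/users/user_one", so a grant leaks onto sibling collections.
    static boolean coversByRawPrefix(String grantedScope, String target) {
        return target.startsWith(grantedScope);
    }

    // Corrected check: a scope covers only the same node or a descendant,
    // so the character following the matched prefix must be '/'.
    static boolean coversBySegment(String grantedScope, String target) {
        String scope = stripTrailingSlash(grantedScope);
        String path = stripTrailingSlash(target);
        if (scope.equals("/")) {
            return true; // the root scope covers every path
        }
        if (!path.startsWith(scope)) {
            return false;
        }
        return path.length() == scope.length()
                || path.charAt(scope.length()) == '/';
    }

    // Normalise "/users/user/" to "/users/user"; leave "/" untouched.
    static String stripTrailingSlash(String p) {
        return (p.length() > 1 && p.endsWith("/"))
                ? p.substring(0, p.length() - 1) : p;
    }

    public static void main(String[] args) {
        // Constructed sample: scope assumed to belong to the user named "user",
        // checked against paths built from the usernames in the report.
        String granted = "/users/user";
        String[] targets = {
            "/users/user", "/users/user/notes.txt", "/users/user_one",
            "/users/user_two/a.txt", "/users/user_three", "/users/other_user"
        };
        for (String t : targets) {
            System.out.printf("%-24s rawPrefix=%-5b segment=%b%n",
                    t, coversByRawPrefix(granted, t), coversBySegment(granted, t));
        }
    }
}
```

With the raw prefix check, the three "user_*" paths match and "/users/other_user" does not, which mirrors the behaviour in step 8; the segment-aware check matches only "/users/user" and its own children.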