Posted to dev@continuum.apache.org by Christian Edward Gruber <cg...@israfil.net> on 2006/11/28 21:41:45 UTC

"Add project group" button not protected from unauthenticated users.

Hey.  Just FYI, in the trunk the unauthenticated user (and other
logged-in, unempowered users) can create new project groups.

Christian.
-- 

christian gruber + process coach and architect

Israfil Consulting Services Corporation

email cgruber@israfil.net + bus 905.640.1119 + mob 416.998.6023


Re: "Add project group" button not protected from unauthenticated users.

Posted by Jesse McConnell <je...@gmail.com>.
there are a number of things along these lines that I noticed in a
little audit of the action classes.

Once rahul and I get the key based refactor wrapped up I think we'll
try and link up with some work jason has been kicking around to
improve the UI and xmlrpc code interface and security wise in one
swoop.

jesse

On 12/26/06, Wendy Smoak <ws...@gmail.com> wrote:
> On 11/28/06, Christian Edward Gruber <cg...@israfil.net> wrote:
>
> > Hey.  Just FYI, in the trunk the unauthenticated user (and other
> > logged-in, unempowered users) can create new project groups.
>
> Thanks, this appears to be fixed in the latest code.  (The 'Add
> project group' button no longer appears.)
>
> --
> Wendy
>


-- 
jesse mcconnell
jesse.mcconnell@gmail.com

Re: "Add project group" button not protected from unauthenticated users.

Posted by Wendy Smoak <ws...@gmail.com>.
On 11/28/06, Christian Edward Gruber <cg...@israfil.net> wrote:

> Hey.  Just FYI, in the trunk the unauthenticated user (and other
> logged-in, unempowered users) can create new project groups.

Thanks, this appears to be fixed in the latest code.  (The 'Add
project group' button no longer appears.)

-- 
Wendy