You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@syncope.apache.org by "Andrea Patricelli (JIRA)" <ji...@apache.org> on 2017/04/07 09:51:41 UTC
[jira] [Created] (SYNCOPE-1064) Impropve security of customization
mechanism
Andrea Patricelli created SYNCOPE-1064:
------------------------------------------
Summary: Impropve security of customization mechanism
Key: SYNCOPE-1064
URL: https://issues.apache.org/jira/browse/SYNCOPE-1064
Project: Syncope
Issue Type: Improvement
Components: enduser
Affects Versions: 2.0.2
Reporter: Andrea Patricelli
Fix For: 2.0.3, 2.1.0
A smart and malicious user could "hack" angularjs frontend components and send info that is not allowed to create/edit.
Solve this by checking info on server side against form customization JSON.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)