You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-dev@portals.apache.org by Mark Dimon <ma...@btinternet.com> on 2002/06/10 17:32:05 UTC

jetspeed security broken [non-existant] nightly build 2002-06-09

Hi,

If you fire-up the lastest nightly build and type the url

http://localhost:8080/jetspeed/portal/user/admin
the you go straight to the admin screen even though you are a logged out anon user,

none of the portlets are active or will display there contents , but this is surely wrong should you not be sent to the anon psml.

also

http://localhost:8080/jetspeed/portal/user/turbine

takes you straight to the turbine users screen , you can't edit the portals but you can still see the information directed to a particular user. 


Is this due to the CVS being in a state of flux at the moment , or is it a bug?


Regards mark.

Re: jetspeed security broken [non-existant] nightly build 2002-06-09

Posted by Chris Kimpton <ki...@yahoo.com>.

Hi,

--- Mark Dimon <ma...@btinternet.com> wrote:
> 
> Is this due to the CVS being in a state of flux at the moment , or
> is it a bug?
> 

Its a "feature" (a bug IMHO) that has been around for awhile...  

Chris

=====

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>