You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by Mark Dimon <ma...@btinternet.com> on 2002/06/10 17:32:05 UTC
jetspeed security broken [non-existant] nightly build 2002-06-09
Hi,
If you fire-up the lastest nightly build and type the url
http://localhost:8080/jetspeed/portal/user/admin
the you go straight to the admin screen even though you are a logged out anon user,
none of the portlets are active or will display there contents , but this is surely wrong should you not be sent to the anon psml.
also
http://localhost:8080/jetspeed/portal/user/turbine
takes you straight to the turbine users screen , you can't edit the portals but you can still see the information directed to a particular user.
Is this due to the CVS being in a state of flux at the moment , or is it a bug?
Regards mark.
Re: jetspeed security broken [non-existant] nightly build 2002-06-09
Posted by Chris Kimpton <ki...@yahoo.com>.
Hi,
--- Mark Dimon <ma...@btinternet.com> wrote:
>
> Is this due to the CVS being in a state of flux at the moment , or
> is it a bug?
>
Its a "feature" (a bug IMHO) that has been around for awhile...
Chris
=====
__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>