You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Jacopo Cappellato (JIRA)" <ji...@apache.org> on 2014/07/10 18:12:05 UTC
[jira] [Updated] (OFBIZ-4956) "auth" should be true for all the
request url used for Application components.
[ https://issues.apache.org/jira/browse/OFBIZ-4956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacopo Cappellato updated OFBIZ-4956:
-------------------------------------
Fix Version/s: (was: Release Branch 12.04)
(was: Release Branch 11.04)
(was: Trunk)
> "auth" should be true for all the request url used for Application components.
> ------------------------------------------------------------------------------
>
> Key: OFBIZ-4956
> URL: https://issues.apache.org/jira/browse/OFBIZ-4956
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Reporter: Amardeep Singh Jhajj
> Fix For: Release Branch 10.04
>
> Attachments: OFBIZ-4956-Release-10.04.patch, OFBIZ-4956-Release-11.04.patch, OFBIZ-4956.patch
>
>
> Currently there are some url present in application components with auth="false". So anyone can hit this urls and can access any resources without authorization.
> For Example - https://demo-trunk.ofbiz.apache.org:8443/content/control/ViewSimpleContent?dataResourceId=GZ-DIG
> Currently, the above url does not need authorization (you can access any resource by changing the dataResourceId). I think all the url should be secure with auth="true" and https="true" in all the application components.
--
This message was sent by Atlassian JIRA
(v6.2#6252)