You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-user@portals.apache.org by Lukasz <ol...@hoga.pl> on 2003/04/12 23:51:03 UTC

PSML Security problem

Hello!
I have problem with PSML files and users. When any user is logged in, he can write http://portaladdress/portal/user/username and then customize the PSML file for this user. He can even have minimal rights and customize administrator's PSML. What to do?
I have Jetspeed 1.4b1 with MySQL and Tomcat 4.1
Any help appreciated
Luke Olek


Serwis www.logo.hoga.pl - sciągaj bajery na telefony
Nokia, Siemens, Alcatel, Ericsson, Motorola,Samsung
------------------------------------------------------------
Promocja!!! rabat 40 % na zakup mks_vir 2003 dla klientów Connect , którzy
posiadaja kupony rabatowe.



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org

RE: PSML Security problem

Posted by Mark Orciuch <ma...@ngsltd.com>.

The security problem you describe is addressed in 1.4b3 and the upcoming
release has more security fixes.

Best regards,

Mark Orciuch - morciuch@apache.org
Jakarta Jetspeed - Enterprise Portal in Java
http://jakarta.apache.org/jetspeed/

> -----Original Message-----
> From: Lukasz [mailto:olekluke@hoga.pl]
> Sent: Saturday, April 12, 2003 4:51 PM
> To: jetspeed-user@jakarta.apache.org
> Subject: PSML Security problem
>
>
> Hello!
> I have problem with PSML files and users. When any user is logged
> in, he can write http://portaladdress/portal/user/username and
> then customize the PSML file for this user. He can even have
> minimal rights and customize administrator's PSML. What to do?
> I have Jetspeed 1.4b1 with MySQL and Tomcat 4.1
> Any help appreciated
> Luke Olek
>
>
> Serwis www.logo.hoga.pl - sciągaj bajery na telefony
> Nokia, Siemens, Alcatel, Ericsson, Motorola,Samsung
> ------------------------------------------------------------
> Promocja!!! rabat 40 % na zakup mks_vir 2003 dla klientów Connect , którzy
> posiadaja kupony rabatowe.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org
>
>
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org