You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-user@portals.apache.org by Robert Gillis <ro...@acadiau.ca> on 2003/10/07 21:55:34 UTC
Jetspeed Database Browser Portlet
Hello Everyone;
I was just playing around with the database browser portlet (which
comes standard with jetspeed) and couldn't help but notice that any user
could edit the query (when customizing the portlet). In turn, the user
can change the query to 'select * from turbine_user' and get a list of
username's and passwords for the system. Other then removing the
portlet from the system, is there any other way I could change this so
that the users wouldn't be able to see this information?
Thanks
Rob
:wq
Re: Jetspeed Database Browser Portlet
Posted by David Sean Taylor <da...@bluesunrise.com>.
On Tuesday, October 7, 2003, at 12:55 PM, Robert Gillis wrote:
> Hello Everyone;
> I was just playing around with the database browser portlet (which
> comes standard with jetspeed) and couldn't help but notice that any
> user
> could edit the query (when customizing the portlet). In turn, the
> user
> can change the query to 'select * from turbine_user' and get a list of
> username's and passwords for the system. Other then removing the
> portlet from the system, is there any other way I could change this so
> that the users wouldn't be able to see this information?
>
> Thanks
>
> Rob
Check the CVS head, I thought this parameter now requires the admin role
Mark made that change recently
--
David Sean Taylor
Bluesunrise Software
david@bluesunrise.com
+01 707 773-4646
+01 707 529 9194
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org