
JFacets

Tracker: Bugs

9 Security issue : profile can be changed ! - ID: 1439037
Last Update: Comment added ( vankeisb )

The profile ID can be changed at run-time (e.g. by
issuing a maliciously modified GET request), thus "non
granted" facets can be executed by anybody who knows
the profile ID!


Remi Vankeisbelck ( vankeisb ) - 2006-02-26 14:54

9

Closed

None

Remi Vankeisbelck

None

None

Public


Comment ( 1 )




Date: 2006-02-26 14:58
Sender: vankeisb (Project Admin)

Logged In: YES
user_id=1129612

OK, fixed bug: now looks in request params/attrs only in
unauthenticated mode.
Gets profileID from session in auth mode.



Changes ( 2 )

Field Old Value Date By
status_id Open 2006-02-26 14:58 vankeisb
close_date - 2006-02-26 14:58 vankeisb
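
The behaviour reported above and the fix described in the comment, as an added example that is not JFacets code or part of the original tracker entry. Plain maps stand in for the request parameters and the session; the key name, the method names and the request-first lookup order of the pre-fix resolver are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

// Constructed model, not JFacets source: maps stand in for the servlet
// request parameters and the server-side session attributes.
public class ProfileIdResolution {
    static final String KEY = "profileID"; // hypothetical key name

    // Reported behaviour: the request is always consulted, so a
    // client-supplied value overrides the authenticated profile.
    static String resolveVulnerable(Map<String, String> requestParams,
                                    Map<String, String> session) {
        String fromRequest = requestParams.get(KEY);
        return fromRequest != null ? fromRequest : session.get(KEY);
    }

    // Fixed behaviour: request values are honoured only in unauthenticated
    // mode; once authenticated, only the session is trusted.
    static String resolveFixed(Map<String, String> requestParams,
                               Map<String, String> session,
                               boolean authenticated) {
        if (authenticated) {
            return session.get(KEY); // client input ignored entirely
        }
        return requestParams.get(KEY);
    }

    // True when an authenticated request carries a profile ID that differs
    // from the session's: a signal worth logging for detection.
    static boolean isTamperAttempt(Map<String, String> requestParams,
                                   Map<String, String> session,
                                   boolean authenticated) {
        String supplied = requestParams.get(KEY);
        return authenticated && supplied != null && !supplied.equals(session.get(KEY));
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>();
        session.put(KEY, "guest");   // constructed: set server-side at login
        Map<String, String> request = new HashMap<>();
        request.put(KEY, "admin");   // constructed: modified GET parameter

        System.out.println("vulnerable: " + resolveVulnerable(request, session));   // admin
        System.out.println("fixed:      " + resolveFixed(request, session, true));  // guest
        System.out.println("tampering:  " + isTamperAttempt(request, session, true)); // true
    }
}
```

In unauthenticated mode the profile ID in this model is still client-supplied, so anything granted to a profile reachable that way is effectively public.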