#3 Security issue : profile can be changed !

closed
None
9
2006-02-26
2006-02-26
No

The profile ID can be changed at run-time (e.g. by
issuing a maliciously modified GET request), thus "non
granted" facets can be executed by anybody who knows
the profile ID !

Discussion

  • Remi Vankeisbelck

    • status: open --> closed
     
  • Remi Vankeisbelck

    Logged In: YES
    user_id=1129612

    OK fixed bug : now looks in request params/attrs only in
    unauthenticated mode.
    Gets profileID from session in auth mode.
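
The fix described in this ticket, modelled as an added example (not the project's own code, and not part of the original ticket). The `Request` class, the `GRANTS` table, the function names and the assumption that the pre-fix lookup consulted the request first in every mode are all hypothetical; only the `profileID` name and the params/attrs/session split come from the ticket.

```python
from dataclasses import dataclass, field

# Constructed sample data: profile ID -> facets that profile is granted.
GRANTS = {"guest": {"view"}, "admin": {"view", "edit", "delete"}}


@dataclass
class Request:
    """Hypothetical stand-in for an HTTP request and its server-side session."""
    params: dict = field(default_factory=dict)   # client-controlled (e.g. GET query)
    attrs: dict = field(default_factory=dict)    # request attributes
    session: dict = field(default_factory=dict)  # server-side session state


def resolve_profile_vulnerable(req, auth_mode):
    """Assumed pre-fix behaviour: a request-supplied profileID wins in every mode."""
    return (req.params.get("profileID")
            or req.attrs.get("profileID")
            or req.session.get("profileID"))


def resolve_profile_fixed(req, auth_mode):
    """Post-fix behaviour: in auth mode only the session is consulted."""
    if auth_mode:
        # None when the session carries no profile, which grants nothing.
        return req.session.get("profileID")
    return req.params.get("profileID") or req.attrs.get("profileID")


def can_execute(resolver, req, auth_mode, facet):
    """A facet runs only if the resolved profile is granted it (default deny)."""
    return facet in GRANTS.get(resolver(req, auth_mode), set())


if __name__ == "__main__":
    # Constructed request: session says "guest", query string claims "admin".
    req = Request(params={"profileID": "admin"}, session={"profileID": "guest"})
    for name, resolver in (("vulnerable", resolve_profile_vulnerable),
                           ("fixed", resolve_profile_fixed)):
        allowed = can_execute(resolver, req, True, "delete")
        print(f"{name}: profile={resolver(req, True)!r} delete allowed={allowed}")
```

In unauthenticated mode the profile is still chosen by the request, so the session-based check only protects deployments that run in auth mode.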

     
