security concern
Posted July 30th, 2010 by ananthan
Project: RUcore dlr/EDIT
Version: 5.1.2
Component: Code
Category: bug report
Priority: normal
Assigned: triggs
Status: closed
Description
We were able to edit and save changes without authenticating in dlr/EDIT. Big problem. Bigger problem is I don't know what other components of dlr/EDIT have this same issue. If someone were to construct the proper URLs they could do pretty serious damage.
I am unable to isolate this issue to one or a few pages in dlr/EDIT. Some pages require login while others don't. NJEdge/NJVid is also affected by this security concern.
This is an issue on lefty64 as well as MSS3. We need to decide whether to address this in this release or to find a better/permanent solution in R5.2.
Comments
#1
There are still problems. I found the following two links still don't ask for authentication.
removed links.
#2
Done.
#3
Done some time ago.