Ticket #562 (closed Bug report: wontfix)

Opened 10 years ago

Last modified 10 years ago

Dependencies display not restricted by permissions

Reported by: webmaster@… Owned by:
Priority: low Milestone: Not yet assigned to a Milestone
Component: Auth server, Authentication, permissions and access control Version:
Keywords: Cc:

Description

For the security reason, this url will be not display A user not logged can access to this url

 https://auth.domainname.org/admin/generic_object_admin.php?object_class=DependenciesList&action=edit&object_id=DUMMY

I suggest generate report to check if the dependencies are available or not and list of dependencies in database

Attachments

WIFIDOGDependencies.zip Download (2.2 KB) - added by webmaster@… 10 years ago.
table of dependencies

Change History

Changed 10 years ago by webmaster@…

table of dependencies

Changed 10 years ago by benoitg

  • priority changed from high to low
  • summary changed from Dependencies display to Dependencies display not restricted by permissions

It makes little sense to to put them in the database, as: * Their very purpose is to help users setup their server, before they even try importing the database schema * Dependency changes are usually very tied to code changes. Moving them to the database would require a schema update every time a dependency change, for no obvious gain.

As for security, it's just a matter of putting in the proper Permission calls. Patch welcome, see http://dev.wifidog.org/wiki/doc/developer/UserRolesArchitecture#Addingorremovingpermissions

Changed 10 years ago by benoitg

  • status changed from new to closed
  • resolution set to wontfix
Note: See TracTickets for help on using tickets.