Re: [Mugle-dev] Policy decision: Full names

2011-05-25 Thread Scott Ritchie
That sounds good, I think we had initially set it to private for privacy reasons. On Wed, May 25, 2011 at 8:44 PM, Matt Giuca matt.gi...@gmail.com wrote: Hi, I was under the impression that we would show users full names publicly. However, that doesn't seem to be the case; the public view

[Mugle-dev] Active version gets cleared

2011-05-25 Thread Matt Giuca
I am really confused about this. https://bugs.launchpad.net/mugle/+bug/788075 Is there some weird bug going on in the bowels of the database layer? I doubt I could have screwed up on the UI, and that's all the code I changed. In GameEditBuilder, I added:

Re: [Mugle-dev] Active version gets cleared

2011-05-25 Thread Matt Giuca
Never mind, I figured it out and worked around it (hackily). https://bugs.launchpad.net/mugle/+bug/788075 -- Mailing list: https://launchpad.net/~mugle-dev Post to : mugle-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~mugle-dev More help : https://help.launchpad.net/ListHelp

Re: [Mugle-dev] Active version gets cleared

2011-05-25 Thread Prageeth Silva
OK, let me know if you want me to check on it. I'll be online for a while. -- *Prageeth Silva*

Re: [Mugle-dev] Active version gets cleared

2011-05-25 Thread Prageeth Silva
Just got home a little while ago. OK I'll check on this since it's critical. On Wed, May 25, 2011 at 9:57 PM, Matt Giuca matt.gi...@gmail.com wrote: I am really confused about this. https://bugs.launchpad.net/mugle/+bug/788075 Is there some weird bug going on in the bowels of the database

Re: [Mugle-dev] Active version gets cleared

2011-05-25 Thread Matt Giuca
No but ... never mind. It's no longer critical.

[Mugle-dev] [Bug 788083] Re: Anyone can request private games for a given devteam

2011-05-25 Thread Matt Giuca
** Description changed: Currently, the DevTeamService.getGames has a boolean to ask for public or private. This is necessary because the dev team edit page contains the full list. Note that since we have no security on viewing things at - all (pretty much), there is no point fixing this

Re: [Mugle-dev] [Bug 788083] Re: Anyone can request private games for a given devteam

2011-05-25 Thread Scott Ritchie
I think implementing the security properly would solve a lot of the bugs we currently have. I just wish I had the time to sit down for a few hours and do it. On Wed, May 25, 2011 at 11:11 PM, Matt Giuca 788...@bugs.launchpad.net wrote: ** Description changed: Currently, the

[Mugle-dev] [Bug 779015] Re: Client can write back modified primary key

2011-05-25 Thread Matt Giuca
Is this actually a problem? I think the fact that the client has access to the primary key is the wrong thing to focus on. Obviously the client can write back anything they want -- if there is a security problem, it's that the server will let clients write to objects (based on primary key) that

[Mugle-dev] [Bug 786016] Re: Direct Access to Services from client side

2011-05-25 Thread Matt Giuca
Can someone figure out if this is still an issue? I don't want old bugs lying around if they are not real concerns. -- You received this bug notification because you are a member of MUGLE Developers, which is a direct subscriber. https://bugs.launchpad.net/bugs/786016 Title: Direct Access to

Re: [Mugle-dev] [Bug 786016] Re: Direct Access to Services from client side

2011-05-25 Thread Scott Ritchie
I don't think, this is a non-issue, once security is implemented properly. On Wed, May 25, 2011 at 11:32 PM, Matt Giuca 786...@bugs.launchpad.net wrote: Can someone figure out if this is still an issue? I don't want old bugs lying around if they are not real concerns. -- You received this bug

[Mugle-dev] [Bug 779015] Re: Client can write back modified primary key

2011-05-25 Thread Prageeth Silva
Yes this is no longer valid as long as our permission system works properly. -- https://bugs.launchpad.net/bugs/779015 Title: Client can write back modified primary key Status in

[Mugle-dev] [Bug 779015] Re: Client can write back modified primary key

2011-05-25 Thread Matt Giuca
** Changed in: mugle Status: Triaged => Invalid -- https://bugs.launchpad.net/bugs/779015 Title: Client can write back modified primary key Status in Melbourne University

[Mugle-dev] [Bug 786876] Re: Almost all data access is given private privileges

2011-05-25 Thread Matt Giuca
As of trunk r435, this is fixed for DevTeam and Game (which were needed for other bugs). Remaining services: Achievement, GameFile, GameVersion, KeyValuePair.

[Mugle-dev] MUGLE 0.1 release

2011-05-25 Thread Matt Giuca
Well, that's it. I've ticked off every single bug that we had milestoned. MUGLE is now pretty darn usable, and somewhat secure :) A user should now be able to (once given a dev team), navigate around all of the necessary UI to view and edit (where authorized) all of the games, teams and users.

Re: [Mugle-dev] MUGLE 0.1 release

2011-05-25 Thread Matt Giuca
The list of bugs fixed is here: https://launchpad.net/mugle/+milestone/0.1

Re: [Mugle-dev] MUGLE 0.1 release

2011-05-25 Thread Jens Pfau
Nice :) I am curious what it looks like now. On Thu, May 26, 2011 at 11:23 AM, Matt Giuca matt.gi...@gmail.com wrote: The list of bugs fixed is here: https://launchpad.net/mugle/+milestone/0.1

[Mugle-dev] [Bug 788425] [NEW] User can change URLname to that of another user

2011-05-25 Thread Matt Giuca
*** This bug is a security vulnerability *** Private security bug reported: It is possible for two users to have the same URLname. Check this and block it. ** Affects: mugle Importance: Critical Assignee: Matt Giuca (mgiuca) Status: In Progress ** Tags: datastore **

[Mugle-dev] [Bug 788425] Re: User can change URLname to that of another user

2011-05-25 Thread Launchpad Bug Tracker
** Branch linked: lp:mugle -- https://bugs.launchpad.net/bugs/788425 Title: User can change URLname to that of another user Status in Melbourne University Game-based Learning

[Mugle-dev] [Bug 788425] Re: User can change URLname to that of another user

2011-05-25 Thread Matt Giuca
Fixed in trunk r451. ** Changed in: mugle Status: In Progress => Fix Committed -- https://bugs.launchpad.net/bugs/788425 Title: User can change URLname to that of another user

[Mugle-dev] [Bug 788425] Re: User can change URLname to that of another user

2011-05-25 Thread Matt Giuca
** Changed in: mugle Status: Fix Committed => Fix Released -- https://bugs.launchpad.net/bugs/788425 Title: User can change URLname to that of another user Status in Melbourne

[Mugle-dev] [Bug 786685] Re: GameToken is visible to users who don't own the game

2011-05-25 Thread Matt Giuca
** Changed in: mugle Status: Fix Committed => Fix Released -- https://bugs.launchpad.net/bugs/786685 Title: GameToken is visible to users who don't own the game Status in

[Mugle-dev] [Bug 786594] Re: Upload service does not check permissions

2011-05-25 Thread Matt Giuca
** Changed in: mugle Status: Fix Committed => Fix Released -- https://bugs.launchpad.net/bugs/786594 Title: Upload service does not check permissions Status in Melbourne

Re: [Mugle-dev] MUGLE 0.1 release

2011-05-25 Thread Matt Giuca
OK, it is released. http://mugle-app.appspot.com/ I have added everyone on this list to the Staff team, so you can upload games if you wish. Any game you upload will be private by default, so feel free to do so (but don't check public for now; we just want the student's games to appear in the