[magnolia-dev] [JIRA] Updated: (MAGNOLIA-1011) MgnlContext should never fallback to SystemContext

Fabrizio Giustina (JIRA) Sat, 07 Oct 2006 05:12:15 -0700

     [ http://jira.magnolia.info/browse/MAGNOLIA-1011?page=all ]


Fabrizio Giustina updated MAGNOLIA-1011:
----------------------------------------

    Fix Version/s: 3.0 Final
                       (was: 3.0 RC3)

> MgnlContext should never fallback to SystemContext
> --------------------------------------------------
>
>                 Key: MAGNOLIA-1011
>                 URL: http://jira.magnolia.info/browse/MAGNOLIA-1011
>             Project: magnolia
>          Issue Type: Task
>          Components: core
>    Affects Versions: 3.0 RC2
>            Reporter: Sameer Charles
>         Assigned To: Philipp Bracher
>            Priority: Critical
>             Fix For: 3.0 Final
>
>
> Its a breach of security if we set System context if nothing is set, A simple 
> example would be if you call a JSP from within your template you will have 
> full access without even realizing.
> If its a problem that workflow engine cannot set proper permissions, we can 
> set SystemContext there instead of leaving this security hole.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

----------------------------------------------------------------
for list details see
http://www.magnolia.info/en/magnolia/developer.html
----------------------------------------------------------------

[magnolia-dev] [JIRA] Updated: (MAGNOLIA-1011) MgnlContext should never fallback to SystemContext

Reply via email to