[
https://issues.apache.org/jira/browse/OFBIZ-2074?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jacques Le Roux updated OFBIZ-2074:
-----------------------------------
Attachment: ProtectedView.patch
When I applied Ray's patch on my patch I noticed that one line slipped in as
duplicate (not sure why, should not be normally) it was
protect-view.preprocessor=java.org.ofbiz.webapp.control.ProtectViewWorker.checkProtectedView
But another a lot more annoying slipped in also as duplicate
<event type="java" path="org.ofbiz.webapp.control.ProtectViewWorker"
invoke="checkProtectedView"/>
Hence the control was done twice. It's fixed in this last patch.
I also added a reset to 0 of the value of the static Map hitsByViewAccessed for
the view when the view/login is tarpitted. This allow the admin to reset the
login/view couple by putting 0 in TarpittedLoginView.tarpitReleaseDateTime
field. I did not create an ui for that since using Entity Data Maintenance
sounds just fine.
> Grey list feature for confidential data access
> ----------------------------------------------
>
> Key: OFBIZ-2074
> URL: https://issues.apache.org/jira/browse/OFBIZ-2074
> Project: OFBiz
> Issue Type: New Feature
> Components: ALL COMPONENTS
> Affects Versions: SVN trunk
> Environment: NA
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: ProtectedView.patch, ProtectedView.patch,
> ProtectedView.patch, ProtectedView.patch, ProtectedView.patch,
> ProtectedView.patch, ProtectedView.patch
>
> Original Estimate: 20h
> Time Spent: 19h
> Remaining Estimate: 1h
>
> The goal is to avoid, as much as possible, confidential data leakage.
> This feature will disallow access for a period of time to a view if this view
> is accessed more than a number of time in a period of time. This will prevent
> confidential data thievery done from a compromised login/pwd couple.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
