+1

I would say it was fine if the service required auth and it then checked if the 
user had permission to view details about the order but it doesn't seem to do 
any authorization checks at all.

Regards
Scott

On 15/09/2011, at 2:40 AM, Dimitri Unruh wrote:

> Hi everybody,
> 
> at the moment the getOrderStatus service is defined with export="true". Is 
> this really necessary?
> I would like to close it? 
> What do you think?
> 
> Best Regards
> 
> 
> Dimitri Unruh
