Amardeep Singh Jhajj created OFBIZ-4956:
-------------------------------------------
Summary: "auth" should be true for all the request url used for
Application components.
Key: OFBIZ-4956
URL: https://issues.apache.org/jira/browse/OFBIZ-4956
Project: OFBiz
Issue Type: Improvement
Components: ALL APPLICATIONS
Reporter: Amardeep Singh Jhajj
Fix For: Release Branch 10.04, Release Branch 11.04, SVN trunk,
Release Branch 12.04
Currently there are some url present in application components with
auth="false". So anyone can hit this urls and can access any resources without
authorization.
For Example -
https://demo-trunk.ofbiz.apache.org:8443/content/control/ViewSimpleContent?dataResourceId=GZ-DIG
Currently, the above url does not need authorization (you can access any
resource by changing the dataResourceId). I think all the url should be secure
with auth="true" and https="true" in all the application components.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
