[ https://issues.apache.org/jira/browse/OFBIZ-4956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sharan Foga updated OFBIZ-4956:
-------------------------------
    Sprint: Bug Crush Event - 21/2/2015

> "auth" should be true for all the request url used for Application components.
> ------------------------------------------------------------------------------
>
>                 Key: OFBIZ-4956
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-4956
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ALL APPLICATIONS
>    Affects Versions: Release Branch 11.04, Release Branch 12.04, Release Branch 13.07, Trunk
>            Reporter: Amardeep Singh Jhajj
>            Assignee: Ashish Vijaywargiya
>         Attachments: OFBIZ-4956-Release-10.04.patch, OFBIZ-4956-Release-11.04.patch, OFBIZ-4956.patch
>
>
> Currently there are some URLs present in application components with auth="false". So anyone can hit these URLs and can access any resources without authorization.
> For Example -
> https://demo-trunk.ofbiz.apache.org:8443/content/control/ViewSimpleContent?dataResourceId=GZ-DIG
> Currently, the above URL does not need authorization (you can access any resource by changing the dataResourceId). I think all the URLs should be secure with auth="true" and https="true" in all the application components.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)