OpenNTF.org - fileSendr
fileSendrOpenDocument[/Projects/pmt.nsf/ProjectView?ReadForm&Query=fileSendr~Bugs]

My Links (Not logged in)
User Name Password
Hosted by Prominic.NET

   Project: fileSendr (Managed by Declan Lynch)
Actions:
RSS  


Hide details for The bugThe bug
Bug ID: NOSS-8GDKTG
Description
Submitted by:ch le
Project Master Chef:Declan Lynch
Bug type:Security
Brief Description:Documents are not secure
Severity:High
VersionV1.1.0
Status:

Details
The view Code Access is "lkp_UploadsBykey"

Go to site : http://yoursite.com/filesender/lkp_UploadsBykey

you get all Code Access
ex:
http://yoursite.com/filesender/getFiles.xsp?AccessID=1k0g7tzwqbif4

One solution :
create a form with a message "Acces interdit" tiltle of form : "$$viewtemplatedefault"


Action taken
Status:Fixed
Implemented in Release:V1.2.0
Fix Details:

All forms and views within the system now redirect to the error.xsp page for additional security.


Modification history
Entered 29-Apr-2011 10:11 by ch le. Last Modified 17-Jul-2011 1:04 by Declan Lynch.

Feedback

Hide details for Documents are not secure ( on 04/29/2011 10:11:06 AM )Documents are not secure ( on 04/29/2011 10:11:06 AM )
Excellent suggestion: "$$viewt... (Craig P Wiseman... on 05/24/2011 09:19:40 AM )
Check out other projects