SecurityFilter must be before VirtualURIFilter
----------------------------------------------
Key: MAGNOLIA-1468
URL: http://jira.magnolia.info/browse/MAGNOLIA-1468
Project: Magnolia
Issue Type: Bug
Components: core
Affects Versions: 3.0.2
Reporter: Sameer Charles
Assigned To: Sameer Charles
Priority: Critical
Fix For: 3.1

Hi Devs,

What's the reason that we check security after VirtualURIFilter? This could
lead to many security holes. The first and obvious one would be: if you are
forwarding a request within VirtualURI, it will simply ignore security.

Virtual URIs should also be protected. I know we are missing this part in the GUI,
where you can define an ACL for the URI, but it will come in the future.

I would propose to change this order in the filter definition. If any of you has
any concerns, please let me know.
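
The ordering problem described in this report, as an added example that is not part of the original message and not Magnolia's code: a minimal Java model of a filter chain in which the virtual URI filter forwards on a match and so ends the chain, run once in each order. The filter objects, paths and user name are hypothetical and constructed for illustration.

```java
import java.util.*;

// Minimal model of a servlet-style filter chain. All class, path and user names
// are hypothetical and constructed for illustration; this is not Magnolia code.
public class FilterOrderDemo {
    interface Filter { String doFilter(String uri, String user, Deque<Filter> rest); }

    // Constructed sample data: one virtual URI mapping and one ACL-protected prefix.
    static final Map<String, String> VIRTUAL_URIS =
            Collections.singletonMap("/members/latest", "/content/news/latest.html");
    static final String PROTECTED_PREFIX = "/members";

    // Passes the request to the next filter, or serves it when the chain is exhausted.
    static String proceed(String uri, String user, Deque<Filter> rest) {
        Filter next = rest.poll();
        return next == null ? "200 " + uri : next.doFilter(uri, user, rest);
    }

    // On a match, forwards to the target and returns: filters after this one never run.
    static final Filter VIRTUAL_URI = (uri, user, rest) -> {
        String target = VIRTUAL_URIS.get(uri);
        return target != null ? "200 " + target + " (forwarded)" : proceed(uri, user, rest);
    };

    // Rejects anonymous requests for protected URIs before anything else handles them.
    static final Filter SECURITY = (uri, user, rest) ->
            uri.startsWith(PROTECTED_PREFIX) && user == null
                    ? "401 " + uri
                    : proceed(uri, user, rest);

    static String handle(String uri, String user, Filter... order) {
        return proceed(uri, user, new ArrayDeque<>(Arrays.asList(order)));
    }

    public static void main(String[] args) {
        String uri = "/members/latest";
        // Order reported in the issue: the virtual URI forward happens before the ACL check.
        System.out.println("virtual first,  anonymous: " + handle(uri, null, VIRTUAL_URI, SECURITY));
        // Proposed order: the ACL check sees the requested URI before any forward.
        System.out.println("security first, anonymous: " + handle(uri, null, SECURITY, VIRTUAL_URI));
        System.out.println("security first, user sam:  " + handle(uri, "sam", SECURITY, VIRTUAL_URI));
    }
}
```

In a regression test for the reordered chain, the case worth asserting is the anonymous request to a protected virtual URI, since that is the one whose outcome depends on filter order.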