[ http://jira.magnolia.info/browse/MAGNOLIA-1468?page=all ]
Sameer Charles resolved MAGNOLIA-1468.
--------------------------------------
Resolution: Fixed
> SecurityFilter must be before VirtualURIFilter
> ----------------------------------------------
>
> Key: MAGNOLIA-1468
> URL: http://jira.magnolia.info/browse/MAGNOLIA-1468
> Project: Magnolia
> Issue Type: Bug
> Components: core
> Affects Versions: 3.0.2
> Reporter: Sameer Charles
> Assigned To: Sameer Charles
> Priority: Critical
> Fix For: 3.1
>
>
> Hi Devs,
> what's the reason that we check security after VirtualURIFilter? this could
> lead to many security holes, first and obvious would be if you are
> forwarding request within VirtualURI it will simply ignore security.
> Virtual URI's should also be protected, I know we are missing this part in
> GUI where you can define ACL for the URI but it will come in future.
> I would propose to change this order in filter definition, if anyone of you
> has any concerns please let me know.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
for list details see
http://www.magnolia.info/en/developer.html
----------------------------------------------------------------
