[
https://issues.apache.org/jira/browse/OFBIZ-4956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ashish Vijaywargiya reassigned OFBIZ-4956:
------------------------------------------
Assignee: Amardeep Singh Jhajj (was: Ashish Vijaywargiya)
Hello Amardeep,
Please take this issue further and conclude things. Once you are done with
finalization then please feel free to assign this issue back to me or take
Pranay's help in committing the changes to trunk.
Thanks!
> "auth" should be true for all the request url used for Application components.
> ------------------------------------------------------------------------------
>
> Key: OFBIZ-4956
> URL: https://issues.apache.org/jira/browse/OFBIZ-4956
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: Release Branch 11.04, Release Branch 12.04, Release
> Branch 13.07, Trunk
> Reporter: Amardeep Singh Jhajj
> Assignee: Amardeep Singh Jhajj
> Attachments: OFBIZ-4956-Release-10.04.patch,
> OFBIZ-4956-Release-11.04.patch, OFBIZ-4956.patch
>
>
> Currently there are some url present in application components with
> auth="false". So anyone can hit this urls and can access any resources
> without authorization.
> For Example -
> https://demo-trunk.ofbiz.apache.org:8443/content/control/ViewSimpleContent?dataResourceId=GZ-DIG
> Currently, the above url does not need authorization (you can access any
> resource by changing the dataResourceId). I think all the url should be
> secure with auth="true" and https="true" in all the application components.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
