Bugs item #3541557, was opened at 2012-07-09 02:32
Message generated for change (Comment added) made by franzzieris
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=843359&aid=3541557&group_id=167540

Category: Security
Group: None
Status: Open
Resolution: None
>Priority: 3
Private: No
Submitted By: Stefan Rossbach (kargor)
Assigned to: Nobody/Anonymous (nobody)
Summary: Activities are not validated against permissions

Initial Comment:
The validation is only performed on the originator's side.
I only changed 1 line of code and was able to delete files even though I only 
had read-only access.

----------------------------------------------------------------------

>Comment By: Franz Zieris (franzzieris)
Date: 2012-07-09 05:19

Message:
So the intention is to shield Saros from malicious participants who send
XMPP messages on their own disregarding whether they are allowed to do so?
That scenario is not *that* likely, priority level 3.

----------------------------------------------------------------------
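
The report above describes permission checks that run only in the sending client. As an added example (not part of the tracker thread and not Saros code), the sketch below enforces the same check on the receiving side; every class, enum and address name is hypothetical, and the sample session and messages are constructed.

```java
import java.util.*;

// Hypothetical model, not Saros classes: every name here is an assumption.
public class ReceiverSideCheck {
    enum Permission { READ_ONLY, WRITE }
    enum Kind { VIEWPORT, TEXT_EDIT, FILE_DELETE }

    // Activities that change shared state and therefore need WRITE.
    static final Set<Kind> MUTATING = EnumSet.of(Kind.TEXT_EDIT, Kind.FILE_DELETE);

    static final class Activity {
        final Kind kind; final String path;
        Activity(Kind kind, String path) { this.kind = kind; this.path = path; }
    }

    // Permissions as this receiver knows them, keyed by the sender address
    // taken from the transport layer, never from the activity payload.
    private final Map<String, Permission> session = new HashMap<>();
    final List<String> applied = new ArrayList<>();
    final List<String> rejected = new ArrayList<>();

    void join(String jid, Permission p) { session.put(jid, p); }

    // Runs on the receiving side for every incoming activity.
    boolean receive(String senderJid, Activity a) {
        Permission p = session.get(senderJid);   // null for unknown senders
        boolean allowed = p != null
                && (p == Permission.WRITE || !MUTATING.contains(a.kind));
        String entry = senderJid + " " + a.kind + " " + a.path;
        if (!allowed) {
            rejected.add(entry);   // worth logging: an unmodified client never sends this
            return false;
        }
        applied.add(entry);        // the real handler would execute the activity here
        return true;
    }

    public static void main(String[] args) {
        ReceiverSideCheck host = new ReceiverSideCheck();
        // Constructed sample session and messages.
        host.join("alice@example.org", Permission.WRITE);
        host.join("bob@example.org", Permission.READ_ONLY);
        host.receive("alice@example.org", new Activity(Kind.FILE_DELETE, "src/Old.java"));
        host.receive("bob@example.org", new Activity(Kind.VIEWPORT, "src/Main.java"));
        host.receive("bob@example.org", new Activity(Kind.FILE_DELETE, "src/Main.java"));
        host.receive("eve@example.org", new Activity(Kind.TEXT_EDIT, "src/Main.java"));
        System.out.println("applied:  " + host.applied);
        System.out.println("rejected: " + host.rejected);
    }
}
```

Because the decision uses only the receiver's own permission table and the transport-level sender, a one-line change in the sending client no longer affects whether the activity is applied.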
