Hi,
Thanks for the feedback. I finally got 1.4b3 working by doing a fresh
install and rolling my content into it. It's not 100% yet, but I'm getting
close. However, my reason for making the upgrade was this:
We're trying to develop a jetspeed toolkit for internal use by serparate
development teams. However, right now any user can substitute someone
else's username in the url for any Jetspeed actions and have free run of
their portlets (assuming they are in the same group) reconfiguring them,
viewing their output, etc. I thought the allow-if-owner security tag would
fix this, but it doesn't seem to have done anything.
Does anyone know how I can get Jetspeed to refuse attempts by user X to
hit portlets defined in user Y's default.psml when they are in the same
group? Thank you.
Mike McLawhorn
_________________________________________________________________
MSN 8: advanced junk mail protection and 2 months FREE*.
http://join.msn.com/?page=features/junkmail
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
- Re: Security issues with Jetspeed 1.4b3 Michael McLawhorn
- Re: Security issues with Jetspeed 1.4b3 David Sean Taylor
- Re: Security issues with Jetspeed 1.4b3 Paul Spencer
- Re: Security issues with Jetspeed 1.4b3 Jim Arnott
