On Tuesday, October 7, 2003, at 12:55 PM, Robert Gillis wrote:
Hello Everyone;
I was just playing around with the database browser portlet (which
comes standard with jetspeed) and couldn't help but notice that any user
could edit the query (when customizing the portlet). In turn, the user
can change the query to 'select * from turbine_user' and get a list of
username's and passwords for the system. Other then removing the
portlet from the system, is there any other way I could change this so
that the users wouldn't be able to see this information?
Thanks
Rob
Check the CVS head, I thought this parameter now requires the admin role Mark made that change recently
-- David Sean Taylor Bluesunrise Software [EMAIL PROTECTED] +01 707 773-4646 +01 707 529 9194
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
