*** This bug is a security vulnerability ***
Public security bug reported:
While Prageeth has coded the casting of shared objects to datastore
objects to have security checks, these can be bypassed by calling the
shared services directly. The type of these classes should be changed
to Protected if possible to avoid this
** Affects: mugle
Importance: Medium
Status: New
** Visibility changed to: Public
** Changed in: mugle
Importance: Undecided => Medium
--
You received this bug notification because you are a member of MUGLE
Developers, which is a direct subscriber.
https://bugs.launchpad.net/bugs/786016
Title:
Direct Access to Services from client side
Status in Melbourne University Game-based Learning Environment:
New
Bug description:
While Prageeth has coded the casting of shared objects to datastore
objects to have security checks, these can be bypassed by calling the
shared services directly. The type of these classes should be changed
to Protected if possible to avoid this
--
Mailing list: https://launchpad.net/~mugle-dev
Post to : [email protected]
Unsubscribe : https://launchpad.net/~mugle-dev
More help : https://help.launchpad.net/ListHelp
