Status: Accepted
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 2462 by ste...@smacleod.ca: Must enable extension to configure
http://code.google.com/p/reviewboard/issues/detail?id=2462

What's the URL of the page containing the problem?
/admin/extensions/

What steps will reproduce the problem?
1.Visit page
2.Cannot configure (no link shown, and visiting link will error)
3.Enable extension
4.Can now configure

What operating system are you using? What browser?
N/A

Please provide any additional information below.
This seems like a possible security/privacy flaw (also annoyance). In order to configure an extension it must currently be running. This leaves a window between when an extension is enabled, and when it is configured properly. If the extension comes with default configuration which could expose information, or allow abuse of the system, it would be possible to exploit during this time.

This seems to be done for a technical reason. Currently the admin configuration pages won't be loaded or accessible unless the extension is enabled. Fixing this issue might require a large change to the way extensions are structured or executed.


--
You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To post to this group, send email to reviewboard-issues@googlegroups.com.
To unsubscribe from this group, send email to 
reviewboard-issues+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/reviewboard-issues?hl=en.

Reply via email to