Mike, Good catch. I thought I had nailed all these down, but this version does look like if you are authenticated and know the URL, it would let you go places you shouldn't be allowed. Let me go back through my latest customized version and compare. There should be checks that will boot you back to the home page (or was it the login page?) if you try to view a page you're not supposed to be allowed to access.
I'll generate a new (generic) diff based off the latest 4.4 and re-post. Thanks, Andy ----- Original Message ----- From: "Michael Picher" <[email protected]> To: "Discussion list for users of sipXecs software" <[email protected]> Sent: Thursday, December 8, 2011 2:38:19 PM Subject: Re: [sipx-users] Web portal access restricted to CDR report only Andrew, does this just use flags in the GUI for menus? How secure is this? If somebody still knows a URI can they get to it?
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
