Hi all,

We have been conducting a security audit of our portal and have discovered a situation where data of another user can be exposed via the Switch Identity portlet.

For example, an admin user uses the Switch Identity portlet to switch to a student, then can view that user's timetable and enrolment information, which is meant to be private. A similar case applies to the email portlet. There are other scenarios as well, as you could imagine, since you are effectively being logged in as that user and can see and edit everything they can.

Aside from further locking down of the list of users that can access the Switch Identity portlet, we are proposing a minor enhancement to the portlet itself, which is to set a session attribute that signals that the user is impersonating the other user. Portlets could then read that session attribute and, if they display private information, decide not to render themselves. The attribute would then be cleared at logout time.

This should be a non-obtrusive modification, and the changes to portlets only need to be made as required. For example, we would change our own local timetable portlet, but not worry about the weather portlet.

We are interested to hear people's thoughts on this and comments on the proposed solution. If all is ok, I'll write it up in Jira and get it done.

cheers,
Steve
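A sketch of the portlet-side check proposed in the message above, added here as an illustration and not taken from uPortal or the Switch Identity portlet. The attribute name and the `TimetablePortlet` class are hypothetical, and the sketch assumes the flag is stored at `APPLICATION_SCOPE` in a session this portlet can read (under JSR-168 that means the same portlet application).

```java
import java.io.IOException;
import javax.portlet.GenericPortlet;
import javax.portlet.PortletException;
import javax.portlet.PortletSession;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;

/** Illustrative timetable portlet; not uPortal or Switch Identity code. */
public class TimetablePortlet extends GenericPortlet {

    // Hypothetical attribute name; the proposal does not name one.
    static final String IMPERSONATION_ATTR = "example.switchIdentity.impersonating";

    /**
     * True if the session carries the impersonation flag. Any non-null value
     * counts, so an unexpected value type hides the data instead of exposing it.
     */
    static boolean isImpersonating(PortletSession session) {
        if (session == null) {
            return false; // no session, so no switched identity to guard against
        }
        // Read at APPLICATION_SCOPE: an attribute another portlet stored at
        // PORTLET_SCOPE is namespaced to that portlet and would not be seen here.
        return session.getAttribute(IMPERSONATION_ATTR,
                PortletSession.APPLICATION_SCOPE) != null;
    }

    @Override
    protected void doView(RenderRequest request, RenderResponse response)
            throws PortletException, IOException {
        response.setContentType("text/html");
        if (isImpersonating(request.getPortletSession(false))) {
            // Private data: show a notice in place of the switched-to user's timetable.
            response.getWriter().write(
                    "<p>Timetable is hidden while an identity switch is active.</p>");
            return;
        }
        renderTimetable(response);
    }

    /** Stand-in for the portlet's normal view of the logged-in user's own data. */
    private void renderTimetable(RenderResponse response) throws IOException {
        response.getWriter().write("<p>(timetable content)</p>");
    }
}
```

Action handlers that modify private data would need the same `isImpersonating` check, since the message notes the switched user can edit as well as view.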
