Hi Sonali Agrahari,

You can set security.login.externalLoginKey.enabled to false in the
security.properties file for it.

Or

You can also prepare and load data for the SystemProperty entity:

<SystemProperty systemResourceId="security"
                systemPropertyId="security.login.externalLoginKey.enabled"
                systemPropertyValue="false"/>

HTH

Thanks and Regards,

*Aditya Sharma* | Enterprise Software Engineer
HotWax Commerce <http://www.hotwax.co/> by HotWax Systems
<http://www.hotwaxsystems.com/>

<https://www.linkedin.com/in/aditya-sharma-78291810a/>

On Mon, Mar 12, 2018 at 2:36 PM, Deepak Dixit <
deepak.di...@hotwaxsystems.com> wrote:

> Hi Sonali Agrahari
>
> Your email has been moderated. Please subscribe to the mailing list:
> http://ofbiz.apache.org/mailing-lists.html
>
>
> Could you please share which OFBiz version you are using?
> You can configure it using the session-config element in web.xml.
>
>
> Thanks & Regards
> --
> Deepak Dixit
> www.hotwaxsystems.com
> www.hotwax.co
>
> ---------- Forwarded message ----------
> From: Sonali Agrahari <sonaliagraha...@gmail.com>
> To: user@ofbiz.apache.org
> Cc:
> Bcc:
> Date: Mon, 12 Mar 2018 01:50:52 -0700 (MST)
> Subject: Security threats in OFbiz
> Hello all,
>
> How can we resolve the "Privilege Escalation using an Under-Privileged
> User" security issue, i.e.
> after logging in to the application, if the URL of a web page with its
> external login key is copied to another browser, then that web page is
> opened without login and we can access the whole application.
>
> How can it be resolved?
>
> Kindly help.
>
>
> Thank you
>
> Regards,
>
> Sonali Agrahari
>
>
> --
> Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html
>
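
Added example (not part of the original thread and not OFBiz code): a small Python check that reads both places named in the reply above, security.properties and SystemProperty entity data, and reports the value that would apply plus any conflict between them. It assumes a SystemProperty row overrides the file value when both exist; the function names and sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PROP = "security.login.externalLoginKey.enabled"

def from_properties(text):
    """Last value assigned to PROP in Java-properties text, or None if absent."""
    value = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        m = re.match(r"([^\s=:]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) == PROP:
            value = m.group(2).strip()
    return value

def from_entity_xml(text):
    """Value of the matching <SystemProperty> row in entity XML data, or None."""
    value = None
    for el in ET.fromstring(text).iter("SystemProperty"):
        if (el.get("systemResourceId") == "security"
                and el.get("systemPropertyId") == PROP):
            value = el.get("systemPropertyValue")
    return value

def audit(properties_text, entity_xml_text=None):
    """Return (effective_value, source, warnings).

    ASSUMPTION: a SystemProperty row, when present, overrides the file value.
    """
    file_val = from_properties(properties_text)
    db_val = from_entity_xml(entity_xml_text) if entity_xml_text else None
    warnings = []
    if db_val is not None and file_val is not None and db_val.lower() != file_val.lower():
        warnings.append(f"file says {file_val!r} but SystemProperty says {db_val!r}")
    value, source = (db_val, "SystemProperty") if db_val is not None else (file_val, "security.properties")
    if value is None:
        source = "unset"
        warnings.append("property not set; the runtime default applies")
    elif value.lower() != "false":
        warnings.append("external login key is not disabled")
    return value, source, warnings

# Constructed sample inputs, not taken from a real deployment.
SAMPLE_PROPS = "# constructed\nsecurity.login.externalLoginKey.enabled=true\n"
SAMPLE_XML = ('<entity-engine-xml><SystemProperty systemResourceId="security" '
              'systemPropertyId="security.login.externalLoginKey.enabled" '
              'systemPropertyValue="false"/></entity-engine-xml>')

if __name__ == "__main__":
    print(audit(SAMPLE_PROPS, SAMPLE_XML))
```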
