[
https://issues.apache.org/jira/browse/OFBIZ-4956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ashish Vijaywargiya reassigned OFBIZ-4956:
------------------------------------------
Assignee: Amardeep Singh Jhajj (was: Ashish Vijaywargiya)
Hello Amardeep,
Please take this issue further and conclude things. Once you are done with finalization then please feel free to assign this issue back to me or take Pranay's help in committing the changes to trunk.
Thanks!
> "auth" should be true for all the request url used for Application components.
> ------------------------------------------------------------------------------
>
> Key: OFBIZ-4956
> URL:
https://issues.apache.org/jira/browse/OFBIZ-4956> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: Release Branch 11.04, Release Branch 12.04, Release Branch 13.07, Trunk
> Reporter: Amardeep Singh Jhajj
> Assignee: Amardeep Singh Jhajj
> Attachments: OFBIZ-4956-Release-10.04.patch, OFBIZ-4956-Release-11.04.patch, OFBIZ-4956.patch
>
>
> Currently there are some url present in application components with auth="false". So anyone can hit this urls and can access any resources without authorization.
> For Example -
https://demo-trunk.ofbiz.apache.org:8443/content/control/ViewSimpleContent?dataResourceId=GZ-DIG> Currently, the above url does not need authorization (you can access any resource by changing the dataResourceId). I think all the url should be secure with auth="true" and https="true" in all the application components.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Locked
