Ticket #98 (closed defect: fixed)
Annotation based security is easy to bypass by adding ".html" to the URL
|Reported by:||Gavin||Owned by:||Gavin|
|Priority:||blocker||Milestone:||0.8 - Purchasing and Inventory Improvements|
|Component:||gnuMims - application security||Version:||trunk|
Upstream security issue, see: http://jira.grails.org/browse/GPACEGI-41
Recommended fix is to set in Config.groovy: grails.mime.file.extensions = false
This did not leave gnuMims completely open to the world, since gnuMims was configured with pessimistic security. However, a logged-in user may access URLs that they are not authorised to.
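A simplified model of the mismatch behind this ticket, added here as an example and not taken from gnuMims, Grails or the security plugin. It assumes the security check looks up annotation rules by the raw request path, while the framework drops the file extension before dispatch when grails.mime.file.extensions is enabled; the paths, roles and function names are constructed.

```python
# Simplified model of the mismatch; rules, roles and paths are constructed.
import re

# Access rules derived from controller annotations, keyed by exact URL.
ANNOTATION_RULES = {
    "/inventoryItem/delete": {"ROLE_ADMIN"},
    "/inventoryItem/list": {"ROLE_USER", "ROLE_ADMIN"},
}
EXTENSION = re.compile(r"\.[A-Za-z0-9]+$")


def dispatch_target(path, strip_extensions):
    """URL the framework routes to; with extension handling on, '.html' is dropped."""
    path = EXTENSION.sub("", path) if strip_extensions else path
    return path if path in ANNOTATION_RULES else None  # None models a 404


def security_decision(path, roles):
    """Decision taken on the raw request path (assumed filter behaviour)."""
    required = ANNOTATION_RULES.get(path)
    if required is None:
        # Pessimistic fallback: no matching rule still requires a logged-in user.
        return bool(roles)
    return bool(required & roles)


def request_reaches_action(path, roles, strip_extensions):
    """Return the action reached, or None when denied or not found."""
    if not security_decision(path, roles):
        return None
    return dispatch_target(path, strip_extensions)


def audit(roles, strip_extensions, suffix=".html"):
    """Protected actions reached through the suffixed URL without a required role."""
    findings = []
    for url, required in ANNOTATION_RULES.items():
        if required & roles:
            continue  # user is authorised for this action anyway
        if request_reaches_action(url + suffix, roles, strip_extensions) == url:
            findings.append(url)
    return findings


if __name__ == "__main__":
    user = {"ROLE_USER"}
    print("extensions on :", audit(user, strip_extensions=True))
    print("extensions off:", audit(user, strip_extensions=False))
```

The same audit idea works as a regression test against a running instance: request each annotated URL with the suffix as a low-privilege user and require a denial or a 404.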