Context Navigation

← Previous Ticket
Next Ticket →

#98 closed defect (fixed)

Annotation based security is easy to bypass by adding ".html' to the URL

Reported by:	Gavin	Owned by:	Gavin
Priority:	blocker	Milestone:	0.8 - Purchasing and Inventory Improvements
Component:	gnuMims - application security	Version:	trunk
Keywords:		Cc:

Description

Upstream security issue, see: http://jira.grails.org/browse/GPACEGI-41

Recommended fix is to set Config.groovy: grails.mime.file.extensions = false

This did not leave gnuMims completely open to the world since gnuMims was configured with pessimistic security. However a logged in user may access urls that they are not authorised to.

Change History (1)

comment:1 Changed 13 years ago by Gavin

Resolution:	→ fixed
Status:	new → closed

Fixed in r887.

Note: See TracTickets for help on using tickets.

Download in other formats:

Comma-delimited Text
Tab-delimited Text
RSS Feed