  1. Magnolia
  2. MAGNOLIA-1432

security: cache can go round security checks

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 3.1 M1
    • 3.0.2
    • None
    • None

    Description

      The filters are ordered as follows:
      1. security check (only secure/unsecure URI --> no role-based check or similar)
      2. cache
      3. cms filter (checks if the user can read the content)

      If I log in as superuser and trigger the cache for several pages, users logging in later can see the cached pages independently of the ACLs.

              People

                pbaerfuss Philipp Bärfuss
                pbaerfuss Philipp Bärfuss
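
The filter ordering described in this report, as a simplified Python model added here (not Magnolia code; every name and the ACL table are hypothetical and constructed). It also runs the chain with the ACL check moved ahead of the cache, which is an assumed mitigation: the report does not say how the issue was fixed.

```python
# Simplified model of the reported filter chain; not Magnolia code.
# All names (ACL, make_cache_filter, run_chain, demo) are hypothetical.

ACL = {"/admin/report": {"superuser"}}  # constructed: who may read which URI


def security_filter(user, uri, nxt):
    # Step 1 in the report: only secure/unsecure URI handling, no role check.
    if user is None:
        return 401, "login required"
    return nxt(user, uri)


def make_cache_filter(store):
    def cache_filter(user, uri, nxt):
        # Keyed by URI only: a hit returns without calling any later filter.
        if uri in store:
            return 200, store[uri]
        status, body = nxt(user, uri)
        if status == 200:
            store[uri] = body
        return status, body
    return cache_filter


def cms_filter(user, uri, nxt):
    # Step 3 in the report: per-user ACL check on the content.
    if user not in ACL.get(uri, set()):
        return 403, "forbidden"
    return nxt(user, uri)


def render(user, uri):
    return 200, f"content of {uri}"


def run_chain(filters, user, uri):
    # Nest the filters so each one decides whether to invoke the next.
    handler = render
    for f in reversed(filters):
        handler = (lambda f, nxt: lambda u, p: f(u, p, nxt))(f, handler)
    return handler(user, uri)


def demo(order):
    available = {"security": security_filter, "cms": cms_filter,
                 "cache": make_cache_filter({})}
    chain = [available[name] for name in order]
    first = run_chain(chain, "superuser", "/admin/report")  # primes the cache
    second = run_chain(chain, "editor", "/admin/report")    # lower-privileged user
    return first[0], second[0]
```

With the reported order `["security", "cache", "cms"]`, `demo` returns `(200, 200)`; with the ACL check first, `["security", "cms", "cache"]`, the second request gets `403`.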