Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-1468

SecurityFilter must be before VirtualURIFilter

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 3.1 M1
    • 3.0.2
    • core
    • None

    Description

      Hi Devs,

      what's the reason that we check security after VirtualURIFilter? this could lead to many security holes, first and obvious would be if you are
      forwarding request within VirtualURI it will simply ignore security.
      Virtual URI's should also be protected, I know we are missing this part in GUI where you can define ACL for the URI but it will come in future.

      I would propose to change this order in filter definition, if anyone of you has any concerns please let me know.

      Checklists

        Acceptance criteria

        Attachments

          Activity

            People

              scharles Sameer Charles
              scharles Sameer Charles
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Checklists

                  Bug DoR
                  Task DoD