[MAGNOLIA-1011] MgnlContext should never fallback to SystemContext
| Created: | 21/Aug/06 | Updated: | 23/Jan/13 | Resolved: | 16/Oct/06 |
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | core |
| Affects Version/s: | 3.0 RC2 |
| Fix Version/s: | 3.0 RC4 |
| Type: | Task | Priority: | Critical |
| Reporter: | Sameer Charles | Assignee: | Sameer Charles |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Description |
|
It's a breach of security if we set System context if nothing is set. A simple example would be: if you call a JSP from within your template, you will have full access without even realizing. If it's a problem that the workflow engine cannot set proper permissions, we can set SystemContext there instead of leaving this security hole. |
| Comments |
| Comment by Nicolas Modrzyk [ 21/Aug/06 ] |
|
There should be a workflow context set. I'll check that tomorrow, but I think we should remove the System Context defaulting option as soon as possible. |
| Comment by Sameer Charles [ 16/Oct/06 ] |
|
It's time to finally close this issue. We have to test all external modules. I will leave the logging so you can trace the problem. |
| Comment by Sameer Charles [ 16/Oct/06 ] |
|
on svn |
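
The difference between the fallback this issue reports and a fail-closed lookup, as an added sketch that is not Magnolia's code and not part of the original ticket. Every name here (`ContextFallbackDemo`, `Context`, `getWithFallback`, `getStrict`, `doInSystemContext`) and the sample paths are hypothetical and do not reflect the real `MgnlContext` API.

```java
import java.util.function.Supplier;

// Hypothetical names throughout; this is not Magnolia's MgnlContext API.
public class ContextFallbackDemo {
    interface Context { boolean canRead(String path); }

    // Unrestricted context, meant only for trusted internal tasks.
    static final Context SYSTEM = path -> true;

    // Request-scoped context limited to the paths granted to the user.
    static Context userContext(String allowedPrefix) {
        return path -> path.startsWith(allowedPrefix);
    }

    private static final ThreadLocal<Context> CURRENT = new ThreadLocal<>();

    static void set(Context ctx) { CURRENT.set(ctx); }
    static void clear() { CURRENT.remove(); }

    // Behaviour the issue reports: no context set means silent full access.
    static Context getWithFallback() {
        Context ctx = CURRENT.get();
        return ctx != null ? ctx : SYSTEM;
    }

    // Fail closed: a missing context is an error the caller must handle.
    static Context getStrict() {
        Context ctx = CURRENT.get();
        if (ctx == null) throw new IllegalStateException("no context set for this thread");
        return ctx;
    }

    // Trusted code (for example a workflow job) opts in explicitly, for one task only.
    static <T> T doInSystemContext(Supplier<T> task) {
        Context previous = CURRENT.get();
        CURRENT.set(SYSTEM);
        try { return task.get(); }
        finally { if (previous == null) CURRENT.remove(); else CURRENT.set(previous); }
    }

    public static void main(String[] args) {
        String secret = "/config/server"; // constructed sample path
        System.out.println("fallback, no context: " + getWithFallback().canRead(secret));
        try { getStrict().canRead(secret); }
        catch (IllegalStateException e) { System.out.println("strict, no context: " + e.getMessage()); }
        set(userContext("/website/")); // constructed sample grant
        System.out.println("strict, user context: " + getStrict().canRead(secret));
        clear();
        System.out.println("explicit system: " + doInSystemContext(() -> getStrict().canRead(secret)));
    }
}
```

With the strict lookup, code paths that forgot to set a context surface as exceptions in the log instead of running with full access, which is what makes testing external modules against the change practical.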