[MAGNOLIA-5503] Investigate whether it is possible to completely deny the write access to users workspace for the anonymous user Created: 19/Nov/13 Updated: 19/May/22 Resolved: 19/May/22 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | security |
| Affects Version/s: | 5.1.2, 5.2 |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Jozef Chocholacek | Assignee: | Unassigned |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | next | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Template: |
|
||||
| Acceptance criteria: |
Empty
|
||||
| Task DoR: |
Empty
|
||||
| Date of First Response: | |||||
| Description |
|
Although the anonymous user's permissions on the users workspace have been reduced in MAGNOLIA-5405, the write (more precisely Permission.ALL) access is still set for /system/anonymous/[email|language|pswd|title|lastaccess] paths. Wouldn't it be possible to reduce these permissions to READ, or to eliminate them completely? |
| Comments |
| Comment by Roman Kovařík [ 19/May/22 ] |
|
Hello, This ticket is now marked as closed due to one of the following reasons:
If you are still facing a problem or consider this issue still relevant, please feel free to re-open the ticket and we will reach out to you. Thank you, |