[jira] [Updated] (CAUSEWAY-3740) [NOT A PROBLEM] Fix security perms to prevent users from adding themselves to a role just by guessing the role.

Daniel Keir Haywood (Jira) Thu, 09 May 2024 15:31:05 -0700


     [ 
https://issues.apache.org/jira/browse/CAUSEWAY-3740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Daniel Keir Haywood updated CAUSEWAY-3740:
------------------------------------------
    Summary: [NOT A PROBLEM] Fix security perms to prevent users from adding 
themselves to a role just by guessing the role.  (was: Fix security perms to 
prevent users from adding themselves to a role just by guessing the role.)

> [NOT A PROBLEM] Fix security perms to prevent users from adding themselves to 
> a role just by guessing the role.
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: CAUSEWAY-3740
>                 URL: https://issues.apache.org/jira/browse/CAUSEWAY-3740
>             Project: Causeway
>          Issue Type: Bug
>    Affects Versions: 2.0.0
>            Reporter: Daniel Keir Haywood
>            Assignee: Daniel Keir Haywood
>            Priority: Minor
>             Fix For: 2.1.0
>
>
> While we currently do prevent users from adding a role to their 
> ApplicationUser, we do not have a restriction to prevent a user from adding a 
> user from an ApplicatoinRole.  So if they were to guess what a role is, this 
> might be a backdoor.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CAUSEWAY-3740) [NOT A PROBLEM] Fix security perms to prevent users from adding themselves to a role just by guessing the role.

Reply via email to