[opencms-dev] Permissions flaw
Claus Priisholm
cpr at codedroids.com
Wed Feb 24 15:21:45 CET 2010
I guess you can argue both ways. Having shared contents but 2
"filehandles" with different permissions is asking for trouble. But
"better safe than sorry" would of course mean that the least of the
permissions should take precedence. I haven't checked the code to see if
the combined permissions of all siblings are evaluated, but if this is
the case, then you may be able to achieve the wanted result be
explicitly denying the write-permission on "b" (i.e. +r-w+v )...
Rainer Reichel wrote:
> Hi all,
>
> I'm a little bit confused about the concept of permissions
> of OpenCms but today I created a link in folder "a" (+r+w+v+c+d)
> to a resource in folder "b" (+r+v) and could edit and write
> the resource in "a"??? In this scenario links would a
> real security issue to discuss.
>
> Best regards
>
> Rainer
>
--
Claus Priisholm, CodeDroids ApS
Phone: +45 48 22 46 46
cpr (you know what) codedroids.com - http://www.codedroids.com
cpr (you know what) interlet.dk - http://www.interlet.dk
--
Javadocs and other OpenCms stuff:
http://www.codedroids.com/community/opencms
More information about the opencms-dev
mailing list