[opencms-dev] Multitenant configuration

Tobias Herrmann t.herrmann at alkacon.com
Wed Dec 5 15:46:39 CET 2012


Hi Alessandro,

This should not be possible.
Please state which OpenCms version you are using and how you have set up your permissions.
We would like to verify the issue and fix it, if it is a bug.

Greetings, Tobias

--

Alkacon Software GmbH - The OpenCms Experts

http://www.alkacon.com
http://www.opencms.org

On 05.12.2012 15:35, Alessandro Magnolo wrote:
> It gets worse: if you use the DownloadGalleryWidget layout widget, a
> user can write in any folder of the entire OpenCms installation, even
> in folders where he can't write using the workplace (AKA Explorer
> view).
>
> In other words, the DownloadGalleryWidget bypasses the permission
> checks on the VFS, that normally don't allow an OU user to write in
> other OUs' folders. This is extremely dangerous.
>
>
> Alessandro Magnolo
>
>
> On Wed, Dec 5, 2012 at 11:53 AM, Kunicke, Holger
> <holger.kunicke at av-studio.de> wrote:
>> Hello List,
>>
>> does everybody know a possibility to restrict the automatism of an
>> "OpenCmsVfsFile" field, which transforms absolute into relative URLs, to an
>> OU or deactivate this completely?
>>
>> My reason for this question is:
>> We have more clients in one CMS and the probability is given that our
>> clients create links between them.
>>
>> Regards
>> Holger
>>
>> _______________________________________________
>> This mail is sent to you from the opencms-dev mailing list
>> To change your list options, or to unsubscribe from the list, please visit
>> http://lists.opencms.org/cgi-bin/mailman/listinfo/opencms-dev


