Ir al contenido
Menú
Se marcó esta pregunta
3589 Vistas

This is a serious security concern, defining group access rights on menu items is not enough to restrict access to actions

How do you protect against this ? someone could just try action ids one by one until they find an existing action that gives him/her access to potentially private information.

I restricted access to a window action to a specific group, but I was still able to see it with a user that doesn't belong to that group.

Is this a bug? or am I missing something?

Avatar
Descartar
Publicaciones relacionadas Respuestas Vistas Actividad
1
oct 23
8354
0
mar 15
3783
1
mar 15
4977
0
mar 25
734
2
oct 24
1648