This is a serious security concern, defining group access rights on menu items is not enough to restrict access to
How do you protect against this ? someone could just try action ids one by one until they find an existing action that gives him/her access to potentially private information.
I restricted access to a window action to a specific group, but I was still able to see it with a user that doesn't belong to that group.
Is this a bug? or am I missing something?
Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!
About This Community
|Asked: 12/26/13, 2:54 PM|
|Seen: 513 times|
|Last updated: 3/16/15, 8:10 AM|