portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Weaver, Scott" <Swea...@rippe.com>
Subject Possible security bug with portlet default security.
Date Thu, 03 Apr 2003 19:53:48 GMT

When adding a portlet through the customizer, it's security ref is set to the " services.PortalToolkit.default.user.security.ref"
value in JS.props.

Is this correct?  

I can see this for portlet sets but not for individual portlets that may have tighter restriction
set at the registry level.  I vote that this logic be removed as it can give a user more access
then what was intended.

* Scott T Weaver                    *
* Jakarta Jetspeed Portal Project   *
* weaver@apache.org                 *

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message