Weceem

Add content type filtering to security policy

Details

  • Type: Task Task
  • Status: Closed Closed
  • Priority: Blocker Blocker
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: 0.9
  • Component/s: None
  • Labels:
    None
  • Request Controller:
    Please Select
  • External Supervisor:
    Please select
  • Executing Programmer:
    Please select

Description

As of the ability to create content via the content submission controller, this needs to be restricted so that attackers cannot create new dynamic script nodes remotely instead of blog comments!

The syntax implemented is as follows:

"ROLE_USER" {
       view true
       create [org.weceem.content.HTMLContent, org.weceem.content.Comment]

      "/blog" {
             create [org.weceem.blog.BlogEntry]
      }
}

"ROLE_GUEST" {
       view true
       create [org.weceem.content.Comment]
}

Activity

Ascending order - Click to sort in descending order
There are no comments yet on this issue.

People

Vote (0)
Watch (0)

Dates

  • Created:
    20/Jan/10 2:57 PM
    Updated:
    28/Jun/10 11:13 AM
    Resolved:
    28/Jun/10 11:13 AM
Atlassian JIRA (v4.2#587) | Report a problem
Powered by a free Atlassian JIRA open source license for Grailsflow. Try JIRA - bug tracking software for your team.