Task #1580

Avoid privilege escalation in ChangePassword action

Added by Davide Principi over 8 years ago. Updated over 8 years ago.

Status:CLOSEDStart date:12/04/2012
Priority:NormalDue date:12/04/2012
Assignee:-% Done:

100%

Category:nethserver-baseEstimated time:2.00 hours
Target version:NSA1

Description

Enforce user rights check to change the password in bind() method

Associated revisions

Revision 7945b087
Added by Davide Principi over 8 years ago

Added reminder to fix privilege escalation risk. Refs #1580

Revision 06d330ed
Added by Davide Principi over 8 years ago

AbstractModule: implement \Nethgui\Authorization\PolicyEnforcementPointInterface. Refs #1580 -- Avoid privilege escalation in ChangePassword action

Revision f6f44355
Added by Davide Principi over 8 years ago

Fixed log verbosity with NETHGUI_DEBUG constant. Refs #1580

Revision 22282c4c
Added by Davide Principi over 8 years ago

Fixed log verbosity. Refs #1580

Revision 1d4686b2
Added by Davide Principi over 8 years ago

ChangePassword: delegate PolicyDecisionPoint to decide if the current user can change the password. Refs #1580

History

#1 Updated by Davide Principi over 8 years ago

  • Due date set to 12/04/2012
  • Status changed from NEW to CLOSED
  • Start date set to 12/04/2012
  • % Done changed from 0 to 100

#2 Updated by Davide Principi over 8 years ago

  • Project changed from 1 to NethServer 6

Also available in: Atom PDF