Task #1580
Avoid privilege escalation in ChangePassword action
Status: | CLOSED | Start date: | 12/04/2012 | |
---|---|---|---|---|
Priority: | Normal | Due date: | 12/04/2012 | |
Assignee: | - | % Done: | 100% | |
Category: | nethserver-base | Estimated time: | 2.00 hours | |
Target version: | NSA1 |
Description
Enforce user rights check to change the password in bind()
method
Associated revisions
Added reminder to fix privilege escalation risk. Refs #1580
AbstractModule: implement \Nethgui\Authorization\PolicyEnforcementPointInterface. Refs #1580 -- Avoid privilege escalation in ChangePassword action
Fixed log verbosity with NETHGUI_DEBUG constant. Refs #1580
Fixed log verbosity. Refs #1580
ChangePassword: delegate PolicyDecisionPoint to decide if the current user can change the password. Refs #1580
History
#1 Updated by Davide Principi over 8 years ago
- Due date set to 12/04/2012
- Status changed from NEW to CLOSED
- Start date set to 12/04/2012
- % Done changed from 0 to 100
#2 Updated by Davide Principi over 8 years ago
- Project changed from 1 to NethServer 6