[mapguide-trac] #168: Can't enumerate sessions via
ENUMERATERESOURCES
MapGuide Open Source
trac_mapguide at osgeo.org
Mon May 28 13:53:49 EDT 2007
#168: Can't enumerate sessions via ENUMERATERESOURCES
------------------------------+---------------------------------------------
Reporter: zspitzer | Owner:
Type: enhancement | Status: new
Priority: medium | Milestone: 1.2
Component: Resource Service | Version: 1.2.0
Severity: minor | Resolution:
Keywords: | External_id:
------------------------------+---------------------------------------------
Comment (by stevedang):
It is stricly for security reason. If user A knows user B's session ID,
he/she will be able to access user B's data. ENUMERATERESOURCES may be
modified so that the current user (excluding generic/system acounts such
as Administrator, Author, Anonymous, etc.) can enumerate all of his/her
resources for the current session. This will require a schema change.
--
Ticket URL: <http://trac.osgeo.org/mapguide/ticket/168#comment:2>
MapGuide Open Source <http://mapguide.osgeo.org/>
MapGuide Open Source Internals
More information about the mapguide-trac
mailing list