COmanage / CO-554

Trivial Leak of CO Identifiers


Details

    Description

      Accessing a URL with an invalid CO like

      /registry/co_extended_attributes/edit/2/co:145

      leaks information since the authn check is performed after the COID is validated. While authz can't take place until the COID is validated, at least authn could. Though there may not be an elegant way to do this in Cake.
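
The check ordering described in this issue, modeled as an added, framework-independent example (not COmanage or CakePHP code). The handler names, the sample CO IDs and the user table are constructed assumptions; 145 is the invalid CO ID from the URL above.

```python
from typing import Callable, NamedTuple, Optional

KNOWN_COS = {1, 2, 7}        # constructed sample data: CO IDs that exist
MEMBERS = {"alice": {2}}     # constructed: user -> COs the user may edit


class Response(NamedTuple):
    status: int
    body: str


def handle_coid_first(user: Optional[str], coid: int) -> Response:
    """Order described in the issue: the CO ID is validated before authn."""
    if coid not in KNOWN_COS:
        return Response(404, "Invalid CO")         # reached without a login
    if user is None:
        return Response(302, "Redirect to login")
    if coid not in MEMBERS.get(user, set()):
        return Response(403, "Permission denied")
    return Response(200, f"Edit form for CO {coid}")


def handle_authn_first(user: Optional[str], coid: int) -> Response:
    """Reordered: authn, then CO ID validation, then authz."""
    if user is None:
        return Response(302, "Redirect to login")  # same answer for any CO ID
    if coid not in KNOWN_COS:
        return Response(404, "Invalid CO")
    if coid not in MEMBERS.get(user, set()):
        return Response(403, "Permission denied")
    return Response(200, f"Edit form for CO {coid}")


Handler = Callable[[Optional[str], int], Response]


def unauthenticated_response_depends_on_coid(handler: Handler) -> bool:
    """Regression check: anonymous requests must get the same response
    whether or not the CO ID exists."""
    existing, missing = 2, 145
    return handler(None, existing) != handler(None, missing)


if __name__ == "__main__":
    for h in (handle_coid_first, handle_authn_first):
        print(h.__name__, "leaks:", unauthenticated_response_depends_on_coid(h))
```
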


            People

              benn.oshrin@at.internet2.edu Benn Oshrin (internet2.edu)