Details
-
Bug
-
Resolution: Won't Fix
-
Critical
-
COmanage Registry 0.8.5 (Omnipotent Octagon Strikes Back)
-
None
-
Debian 7 MySql
Description
Created a petition for a new member. Did not approve - CO person still at 'pending approval.' Went to edit the CO person, hit 'autogenerate identifiers'. Identifiers were created, provisioning plugins invoked, and principals in provisioned systems created. CO person still at pending approval.
Seems like a big security hole.
Should the 'autogenerate' be disabled until approved? Or Should the provisioning plugins not be invoked, by ID still generated? I think I favor the later as it could be a chance for approver to tweek the ID before provisioning.