Project

General

Profile

Bug #503

Access control problem to a replicated doucment

Added by Jing Tao over 17 years ago. Updated over 17 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
metacat
Target version:
Start date:
05/12/2002
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
503

Description

If a document was created by user A in NCEAS metacat. Its permission set owner
has all permission and public has read permission. In morpho, another user B
only can read it.

If this document was replicated to Pine metacat. User B can update it through
morpho even user B only has read permission.

It seemed that metacat have some security hole.

History

#1 Updated by Jing Tao over 17 years ago

Add a permission control in DocumentImple class for server code not equlas 1 (
this means the document was replicated from another metacat).

Now user B can NOT update the document which was replicated from another
server if user B only has read permission.

#2 Updated by Redmine Admin over 6 years ago

Original Bugzilla ID was 503

Also available in: Atom PDF