Project

General

Profile

Actions
Copy link

Bug #503

closed

Access control problem to a replicated doucment

Added by Jing Tao over 22 years ago. Updated over 22 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jing Tao
Category:
metacat
Target version:
1.2
Start date:
05/12/2002
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
503

Description

If a document was created by user A in NCEAS metacat. Its permission set owner
has all permission and public has read permission. In morpho, another user B
only can read it.

If this document was replicated to Pine metacat. User B can update it through
morpho even user B only has read permission.

It seemed that metacat have some security hole.

Actions
Copy link
 #1

Updated by Jing Tao over 22 years ago

Add a permission control in DocumentImple class for server code not equlas 1 (
this means the document was replicated from another metacat).

Now user B can NOT update the document which was replicated from another
server if user B only has read permission.

Actions
Copy link
 #2

Updated by Redmine Admin over 11 years ago

Original Bugzilla ID was 503

Actions
Copy link

Also available in: Atom PDF