Authorization check is incomplete for tables created with joins.

AlyceBrady / ramp

Record and Activity Management Program (temporarily combined with SMART: Software for Managing Academic Records and Transcripts)

BSD 2-Clause "Simplified" License

3 stars 11 forks source link

Authorization check is incomplete for tables created with joins. #31

Closed AlyceBrady closed 10 years ago

AlyceBrady commented 11 years ago

For tables with joins, authorization check only looks for permission to access initial table (i.e., that access to *tableName is allowed), does not check that user is also permitted to access the information that it is access from other tables.