Closed erogray closed 3 months ago
http://demo.getdkan.com/admin/structure/views/view/dkan_harvest_source_search/edit has Access: None
http://demo.getdkan.com/admin/structure/views/view/og_nodes/edit has Access: None
http://demo.getdkan.com/admin/structure/views/view/og_members/edit has Access: None
http://demo.getdkan.com/admin/structure/views/view/og_members_admin/edit has Access: None
http://demo.getdkan.com/admin/structure/views/view/stories/edit has Access: None
http://demo.getdkan.com/admin/structure/views/view/user_profile_search/edit has Access: None
This may not pose a significant security risk; is Access: None an acceptable default? https://www.drupal.org/docs/7/modules/views/views-howtos/views-permissions seems to imply that permissions-based views are better.
DKAN v1 issue, closing due to EOL.
Recommended by Acquia Insight (Security category):
Details: The displays defined by the Views module should have access checks defined to prevent information disclosure.
Actions / resolutions: Visit %site_domain/admin/structure/views and edit each of the views listed below. For each of the listed displays, in the central column of the UI will be an Access option. Click this and choose a role or permission that's appropriate to the content displayed by the view, then save.
If you have a view which is supposed to be accessible by everyone, it's best to explicitly give the Anonymous and Authenticated roles rights to see it, so it's clear to other administrators that this decision was intentional.
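To find every display that needs the Access setting described in the recommendation above, the check can be scripted instead of clicking through each view. This is an added example, not code from DKAN or Acquia Insight; it assumes a bootstrapped Drupal 7 site with Views 3, and the file name and function name are hypothetical.

```php
<?php
// Added example (not DKAN or Acquia code). Assumption: run inside a
// bootstrapped Drupal 7 site with Views 3, for instance with
//   drush php-script audit_views_access.php   (hypothetical file name)

/**
 * Returns every display of every enabled view whose effective access
 * plugin is "none", i.e. the displays reported as "Access: None".
 */
function audit_views_without_access() {
  $findings = array();
  foreach (views_get_all_views() as $name => $view) {
    // Disabled views are not served, so they are skipped.
    if (!empty($view->disabled)) {
      continue;
    }
    // Attach display handlers so inherited (Master) settings resolve.
    $view->init_display();
    foreach ($view->display as $display_id => $display) {
      if (empty($display->handler)) {
        continue;
      }
      // get_option() falls back to the Master display when this display
      // does not override the access setting.
      $access = $display->handler->get_option('access');
      $type = isset($access['type']) ? $access['type'] : 'none';
      if ($type === 'none') {
        $findings[] = array(
          'view' => $name,
          'display' => $display_id,
          'plugin' => $display->display_plugin,
        );
      }
    }
    $view->destroy();
  }
  return $findings;
}

foreach (audit_views_without_access() as $f) {
  print "{$f['view']}:{$f['display']} ({$f['plugin']}) has Access: None\n";
}
```

Each reported display can then be given a role or permission under its Access option, and the script rerun to confirm the list is empty.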