search

Indicia-Team / google-archive

Automatically exported from code.google.com/p/indicia
0 stars 0 forks source link

Services security issues #93

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
Currently these restrictions to submissions over the services apply to the 
top level model: we need to ensure that the use of superModels does not 
circumvent these restrictions - can these be used to access/modify records 
on other websites, and tables we want to prevent access to?

We need to ensure that the users can not set the website_id explicitly 
unless creating a record, when the website_id must match that of the 
updating user.

Original issue reported on code.google.com by vanbr...@btinternet.com on 19 Mar 2009 at 2:09

GoogleCodeExporter commented 9 years ago 
Also applies to submodels and metafields - there may be more....

Original comment by vanbr...@btinternet.com on 24 Mar 2009 at 12:45

GoogleCodeExporter commented 9 years ago

Original comment by johnvanb...@gmail.com on 28 Sep 2009 at 7:18